Indicators for ICT security incident management
MetadataShow full item record
Managing the different types and the nature of information security incidents has become a challenging task. However, the use of security incident indicators can improve the capabilities of the incident management process. Indicators are not only needed to assess and monitor the quality of incident management capabilities by quantifying overall processes, but also to provide an early warning and notification of incident occurrences. Though some research work has been initiated for development of measurements and indicators in information security incident management, use of those have been relatively sparse. Also, varied profiles of organizations, changing nature of threats and frequent update and advancement in technology have made it difficult to establish a set of common measurements and indicators. However, there exists significant amount of research, development and implementation of indicators in the safety field. It would be of significant interest to investigate whether safety performance indicators could be adapted to the field of security incident management. In this thesis, a literature study has been performed in the field of safety performance indicators. This study provided us with some results, indicating that effective safety performance indicators could be adapted to the security incident management field. Effective indicators have been adapted to different phases of security incident management through a defined methodology. Those indicators are analysed in detail with their usage, scope, pros and cons in different phases of the incident management process. This thesis also includes a scenario describing the use and implementation of such indicators. It was found that safety indicators could be adapted to the plan, prepare and protect phase, the respond phase and the review phase of an incident management process, and they have been effective to measure the efficiency as well as the capabilities of corresponding phases. For the detection phase, however, it was found that the safety indicators could only be adapted with great difficulties.