A collaborative approach for national cybersecurity incident management
Information and Computer Security
ISSN: 2056-4961
Article publication date: 28 June 2021
Issue publication date: 17 August 2021
Abstract
Purpose
Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively.
Design/methodology/approach
A collaborative-based national cybersecurity incident management architecture based on the ITU-T X.1056 security incident management framework is proposed. It is composed of a cooperative regulatory unit, with cooperative and third-party management strategies, and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed.
Findings
A use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performance of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable compared to the existing ones based on descriptive statistics.
Originality/value
The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario.
Acknowledgements
The authors thank the management of the Centre for Security, Communications and Networks, School of Computing and Mathematics, Plymouth University, Plymouth, UK for providing the cybersecurity infrastructure for the experiments.
Citation
Oriola, O., Adeyemo, A.B., Papadaki, M. and Kotzé, E. (2021), "A collaborative approach for national cybersecurity incident management", Information and Computer Security, Vol. 29 No. 3, pp. 457-484. https://doi.org/10.1108/ICS-02-2020-0027
Publisher
Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited