CR, CY | Aug 11, 2015

Security Incident Response Criteria: A Practitioner's Perspective

arXiv:1508.02526v1 | 34 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the need for better security incident response processes in organizations, but it is incremental, as it builds on existing approaches with new criteria.

The paper tackles the problem of financial losses from security incidents by proposing Security Incident Response Criteria (SIRC) derived from empirical data in a Global Fortune 500 organization, aiming to evaluate existing solutions and guide future improvements.

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives.
