کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
455905 695600 2014 16 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Information security incident management: Current practice as reported in the literature
ترجمه فارسی عنوان
مدیریت حوادث امنیتی اطلاعات: عمل جاری که در ادبیات گزارش شده است
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر شبکه های کامپیوتری و ارتباطات
چکیده انگلیسی


• Current practice strives to be compliant with standards such as ISO/IEC 27035.
• Some recommended practices from standards are difficult for organisations to follow.
• More empirical research is needed to answer why incident response challenges remain.

This paper reports results of a systematic literature review on current practice and experiences with incident management, covering a wide variety of organisations. Identified practices are summarised according to the incident management phases of ISO/IEC 27035. The study shows that current practice and experience seem to be in line with the standard. We identify some inspirational examples that will be useful for organisations looking to improve their practices, and highlight which recommended practices generally are challenging to follow. We provide suggestions for addressing the challenges, and present identified research needs within information security incident management.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 45, September 2014, Pages 42–57
نویسندگان
, , ,