Title :
A Post-Mortem Incident Modeling Method
Author :
Ardi, Shanai ; Shahmehri, Nahid
Author_Institution :
Dept. of Comput. & Inf. Sci., Linkopings Univ., Linkoping
Abstract :
Incident post-mortem analysis after recovery from incidents is recommended by most incident response experts. An analysis of why and how an incident happened is crucial for determining appropriate countermeasures to prevent the recurrence of the incident. Currently, there is a lack of structured methods for such an analysis, which would identify the causes of a security incident. In this paper, we present a structured method to perform the post-mortem analysis and to model the causes of an incident visually in a graph structure. This method is an extension of our earlier work on modeling software vulnerabilities. The goal of modeling incidents is to develop an understanding of what could have caused the security incident and how its recurrence can be prevented in the future. The method presented in this paper is intended to be used during the post-mortem analysis of incidents by incident response teams.
Keywords :
security of data; countermeasures; graph structure; incident post-mortem analysis; incident response teams; post-mortem incident modeling; security incident; software vulnerability modeling; Availability; Computer security; Computerized monitoring; Condition monitoring; Data security; Failure analysis; Information science; Information security; NIST; Performance analysis; Incident response; incident cause graph; incident modeling; post-mortem analysis;
Conference_Titel :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.108
