Abstract
An information security incident, if successfully discovered and reported, initiates a distributed response process that activates a diverse collection of independent actors. Public officials, network service providers, information security companies, research organisations and volunteers from all over the world can be involved, often without the participants realising whom they are working with. The cooperation is based on mostly informal bilateral arrangements and is aided by mutual trust accumulated over the course of time. Each participant wants to limit their involvement and typically assumes responsibility only for their own actions. Information suggesting that third parties would be affected may or may not be followed up. The result is an unplanned mesh of bilateral information sharing and the formation of an ad hoc network of partial stakeholders. No single entity exercises total control over the process, which makes it inherently uncontrollable and its results difficult to anticipate. This contrasts with information security standards, which expect the process to be well defined and under the control of clearly stated leadership. The study suggests that internet-connected organisations should adopt a rather agnostic approach to information security incident reporting.
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Koivunen, E. (2012). “Why Wasn’t I Notified?”: Information Security Incident Reporting Demystified. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_5
DOI: https://doi.org/10.1007/978-3-642-27937-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27936-2
Online ISBN: 978-3-642-27937-9