Cognitive Security for Incident Management Process

  • Roberto AndradeEmail author
  • Jenny Torres
  • Susana Cadena
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 918)


This work presents the literature review about the process of handling security incidents to identify standards or guidelines published by international organizations. Based on this research we identified the phases of the incident management processes with the goal of analyze automation proposals for improve efficiency and response times. Finally, we analyzed the contribution of cognitive security to enhanced the cognitive skills of security specialists in the execution of tasks that are associated with the detection phase in the incident management process.


Cognitive security Incident response Detection Big-data 



The authors would like to thank the financial support of the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) for the development of this work, under Project Grant GT-II-2017.


  1. 1.
    Nugraha, A., Legowo, N.: Implementation of incident management for data services using ITIL V3 in telecommunication operator company. In: 2017 International Conference on Applied Computer and Communication Technologies (ComCom), pp. 1–6 (2017)Google Scholar
  2. 2.
    Krichene, J., Boudriga N.: Incident response probabilistic cognitive maps. In: 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications, pp. 689–694 (2008)Google Scholar
  3. 3.
    Berenjian, S., Shajari, M., Farshid, N., Hatamian, M.: Intelligent automated intrusion response system based on fuzzy decision making and risk assessment. In: 2016 IEEE 8th International Conference on Intelligent Systems (IS), pp. 709–714 (2016)Google Scholar
  4. 4.
    Latrache, A., Nfaoui, H., Boumhidi, J.: Multi agent based incident management system according to ITIL. In: 2015 Intelligent Systems and Computer Vision (ISCV), pp. 1–7 (2015)Google Scholar
  5. 5.
    Kundu, A., Ghosh, S. K.: Game theoretic attack response framework for enterprise networks. In: Distributed Computing and Internet Technology, pp. 263–274 (2014)CrossRefGoogle Scholar
  6. 6.
    Lanchas, V.M., González, V.A.V., Bueno, F.R.: Ontologies-based automated intrusion response system. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á (eds.) Computational Intelligence in Security for Information Systems 2010. AISC, vol. 85. Springer, Heidelberg (2010)Google Scholar
  7. 7.
    NIST: Roadmap for Improving Critical Infrastructure Cybersecurity (2014).
  8. 8.
    Grispos, G., Glisson, W., Storer, T.: Rethinking security incident response: the integration of agile principles. In: 20th Americas Conference on Information Systems, Journal, Dagstuhl Reports (2014)Google Scholar
  9. 9.
    IBM: Applied Cognitive Security: Complementing the Security Analyst (2017).
  10. 10.
    Johannes, W.: Limits to Effectiveness in Computer Security Incident Response Teams (2005).
  11. 11.
    Killcrece, G., Kossakowski, K.-P., Ruefle, R., Zajicek, M.: State of the Practice of Computer Security Incident Response Teams. Software Engineering Institute, Carnegie Mellon University (2003)Google Scholar
  12. 12.
    Denyer, D., Tranfield, D.: Producing a systematic review. In: The Sage Handbook of Organizational Research Methods, pp. 671–689 (2009)Google Scholar
  13. 13.
    Costa, E., Soares, A.L., de Sousa, J.P.: Information, knowledge and collaboration management in the internationalisation of SMEs: a systematic literature review. Int. J. Inf. Manag. 36(4), 557–569 (2016)CrossRefGoogle Scholar
  14. 14.
    Guilera, G., Barrios, M., Gómez-Benito, J.: Meta-analysis in psychology: a bibliometric study. Scientometrics 94(3), 943–954 (2013)CrossRefGoogle Scholar
  15. 15.
    IETF: RFC2196 Site Security Handbook (1997).
  16. 16.
    IETF: RFC2235 Hobbes’ Internet Timeline (1997). Accessed 9 Sept 2018
  17. 17.
    Alberts, C., Dorofee, A., Killcrece, G., Ruefle, R., Zajicek, M.: Defining Incident Management Processes for CSIRTs: A Work in Progress. Carnegie Mellon University, Software Engineering Institute (2004)Google Scholar
  18. 18.
    Killcrece, G., Kossakowski, K.-P., Ruefle, R., Zajicek, M.: Organizational Models for Computer Security Incident Response Teams. Software Engineering Institute, Carnegie Mellon University (2003)Google Scholar
  19. 19.
    SANS: Incident Handler’s Handbook (2005).
  20. 20.
    ITIL: Information Technology Infrastructure Library (2011).
  21. 21.
    NIST: Computer Security Incident Handling Guide (2012).
  22. 22.
    SANS: Incident Handler’s Handbook (2005).
  23. 23.
    ENISA: Good Practice Guide for Incident Management (2010).
  24. 24.
    ISO: ISO/IEC 27035:2016 Information technology - security techniques – information security incident management (2016).
  25. 25.
    Shameli-Sendi, A., Ezzati-Jivan, N., Jabbarifar, M., Dagenais, M.: Intrusion response systems: survey and taxonomy. Int. J. Comput. Sci. Netw. Secur. (IJCSNS) 12, 1–14 (2012)Google Scholar
  26. 26.
    Zonouz, S., Khurana, H., Sanders, W., Yardley, T.: RRE: a game-theoretic intrusion response and recovery engine. J. IEEE Trans. Parallel Distrib. Syst. 25, 395–406 (2014)CrossRefGoogle Scholar
  27. 27.
    Luo, Y., Szidarovszky, F., Al-Nashif, Y., Hariri, S.: A fictitious play-based response strategy for multistage intrusion defense systems. J. Secur. Commun. Netw. 7, 473–491 (2014)CrossRefGoogle Scholar
  28. 28.
    Chengpo, M., Yingjiu, L.: An intrusion response decision-making model based on hierarchical task network planning. J. Expert Syst. Appl. 37, 2465–2472 (2010)CrossRefGoogle Scholar
  29. 29.
    Shameli-Sendi, A., Dagenais, M.: ARITO: cyber-attack response system using accurate risk impact tolerance. Int. J. Inf. Secur. 13, 367–390 (2014)CrossRefGoogle Scholar
  30. 30.
    Shameli-Sendi, A., Louafi, H., Cheriet, M.: Dynamic optimal countermeasure selection for intrusion response system. IEEE Trans. Dependable Secur. Comput. 15, 755–770 (2018)CrossRefGoogle Scholar
  31. 31.
    Iannucci, S., Abdelwahed, S.: Model-based response planning strategies for autonomic intrusion protection. ACM Trans. Auton. Adapt. Syst. 13, 4 (2018)CrossRefGoogle Scholar
  32. 32.
    IBM: Applied cognitive security complementing the security analyst (2017).
  33. 33.
    NIST: Cybersecurity Framework (2018).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Escuela Politécnica NacionalQuitoEcuador
  2. 2.Universidad Central del EcuadorQuitoEcuador

Personalised recommendations