Cyber Security Incident Handling, Warning and Response System for the European Critical Information Infrastructures (CyberSANE)

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1000)


This paper aims to enhance the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic collaborative, warning and response system (CyberSANE system) supporting and guiding security officers and operators (e.g. Incident Response professionals) to recognize, identify, dynamically analyse, forecast, treat and respond to their threats and risks and handle their daily cyber incidents. The proposed solution provides a first of a kind approach for handling cyber security incidents in the digital environments with highly interconnected, complex and diverse nature.


Incident handling Web mining Data fusion and risk assessment 



The authors would like to thank the University of Piraeus Research Centre for its continuous support.


  1. 1.
    West-Brown, M.J., Stikvoort, D., Kossakowski, K.P., Killcrece, G., Ruefle, R.: Handbook for computer security incident response teams (CSIRTs). (No. CMU/SEI-2003-HB-002). Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst. (2003a)Google Scholar
  2. 2.
    Wiik, J., Kossakowski, K.P.: Dynamics of incident response. In: 17th Annual FIRST Conference on Computer Security Incident Handling, Singapore (2005)Google Scholar
  3. 3.
    British Standards Institution. BS ISO/IEC 27035:2011 - Information Technology. Security Techniques. Information Security Incident Management (2011)Google Scholar
  4. 4.
    Cichonski, P., Scarfone, K.: Computer Security Incident Handling Guide Recommendations. NIST, Gaithersburg (2012). National Institute of Standards and Technology (NIST)CrossRefGoogle Scholar
  5. 5.
  6. 6.
    Northcutt, S.: Computer Security Incident Handling Version 2.3.1 (2003)Google Scholar
  7. 7.
    Vangelos, M.: Incident response: managing. In: Encyclopedia of Information Assurance, pp. 1442–1449. Taylor & Francis (2011)Google Scholar
  8. 8.
    Werlinger, R., Muldner, K., Hawkey, K., Beznosov, K.: Preparation, detection, and analysis: the diagnostic work of it security incident response. Inf. Manag. Comput. Secur. 18(1), 26–42 (2010)CrossRefGoogle Scholar
  9. 9.
    Khurana, H., Basney, J., Bakht, M., Freemon, M., Welch, V., Butler, R.: Palantir: a framework for collaborative incident response and investigation. In: Proceedings of the 8th Symposium on Identity and Trust on the Internet, p. 38e51 (2009)Google Scholar
  10. 10.
    Grobauer, B., Schreck, T.: Towards incident handling in the cloud. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW 10), pp. 77–85 (2010)Google Scholar
  11. 11.
    Monfared, A., Jaatun, M.G.: Handling compromised components in an IaaS cloud installation. J. Cloud Comput. Adv. Syst. Appl. 1, 16 (2012)CrossRefGoogle Scholar
  12. 12.
    Line, M.B.: A case study: preparing for the smart grids-identifying current practice for information security incident management in the power industry. In: 2013 7 International Conference on IT Security Incident Management and IT Forensics, IT Security Incident Management and IT Forensics (IMF), pp. 26–32. IEEE (2013)Google Scholar
  13. 13.
    Cusick, J.J., Ma, G.: Creating an ITIL inspired incident management approach: roots, response, and results. In: Network Operations and Management Symposium Workshops (NOMS Wksps) 2010 IEEE/IFIP, pp. 142–148. IEEE (2010)Google Scholar
  14. 14.
    Connell, A., Palko, T., Yasar, H.: Cerebro: a platform for collaborative incident response and investigation. In: 2013 IEEE International Conference on Technologies for Homeland Security (HST) (2013)Google Scholar
  15. 15.
    Ahmad, A., Hadgkiss, J., Ruighaver, A.B.: Incident response teams-challenges in supporting the organisational security function. Comput. Secur. 31(5), 643–652 (2012)CrossRefGoogle Scholar
  16. 16.
    Shedden, P., Ahmad, A., Ruighaver, A.B.: Informal learning in security incident response teams. In: 2011 Australasian Conference on Information Systems (2011)Google Scholar
  17. 17.
    Casey, E.: Investigating sophisticated security breaches. Commun. ACM 49(2), 48–55 (2006)CrossRefGoogle Scholar
  18. 18.
    Nnoli, H., Lindskog, D., Zavarsky, P., Aghili, S., Ruhl, R.: The governance of corporate forensics using COBIT, NIST and increased automated forensic approaches. In: 2012 International Conference on Privacy, Security, Risk and Trust. IEEE (2012)Google Scholar
  19. 19.
    Tan, T., Ruighaver, T., Ahmad, A.: Incident handling: where the need for planning is often not recognised. In: 1st Australian Computer, Network & Information Forensics Conference (2003)Google Scholar
  20. 20.
    FireEye. The Need for Speed: 2013 Incident Response Survey (2013)Google Scholar
  21. 21.
    Grispos, G., Glisson, W.B., Storer, T.: Rethinking security incident response: the integration of agile principles. arXiv preprint arXiv:1408.2431 (2014)
  22. 22.
    Ab Rahman, N.H., Choo, K.K.R.: A survey of information security incident handling in the cloud. Comput. Secur. 49, 45–69 (2015)CrossRefGoogle Scholar
  23. 23.
    Papastergiou, S., Polemi, D.: Securing maritime logistics and supply chain: the Medusa and MITIGATE approaches. Maritime Interdiction Operations Journal 14(1), 42–48 (2017). Proceedings of 2nd NMIOTIC Conference on Cyber Security. ISSN 2242-441XGoogle Scholar
  24. 24.
    Papastergiou, S., Polemi, N.: MITIGATE: a dynamic supply chain cyber risk assessment methodology. In: Yang, X.S., Nagar, A., Joshi, A. (eds.) Smart Trends in Systems, Security and Sustainability. LNNS, vol. 18, pp. 1–9. Springer, Heidelberg (2018). Scholar
  25. 25.
    Kalogeraki, E.-M., Papastergiou, S., Polemi N.: SAURON real-life use cases: terrorists attack a cruise ship berthed at a port facility. In: The 9th NMIOTC Annual Conference “Fostering Projection of Stability through Maritime Security: Achieving Enhanced Capabilities and Operational Effectiveness” 5–7 June 2018 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of InformaticsUniversity of PiraeusPiraeusGreece
  2. 2.School of Computing, Engineering and MathematicsUniversity of BrightonBrightonUK

Personalised recommendations