Skip to main content

Cyber Crisis Management Roles – A Municipality Responsibility Case Study

  • 343 Accesses

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 575)

Abstract

In this paper we propose a role model that can be applied in societal cyber crisis management to build safety and standard procedures during cyber security crisis. We define societal cyber crisis as the cyber crisis which affect the society in which disaster is or might be the consequence. The process to create our model started by analyzing regulations and responsibilities in Norwegian municipalities, and we used steps of a design science research (DSR) research approach to create our suggested artifact. A combination of conventional crisis management and cyber crisis management is proposed to identify the interrelationships among diverse stakeholders when managing the preparation for and reaction to a cyber crisis incident. We present a cyber incident handling role model (CIHRM) which is usable for visualizing cyber crisis in a diversity of organizations. After our model has been reviewed by the cyber security research community, we plan to implement the model when analyzing crisis management in various organizations to prepare for instructions, training and exercises at our training environment - The Norwegian Cyber Range.

Keywords

  • Cyber crisis
  • Cyber management
  • Management roles
  • Crisis management
  • Societal cyber crisis

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-48939-7_15
  • Chapter length: 14 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-48939-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   74.99
Price excludes VAT (USA)
Hardcover Book
USD   99.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.

References

  1. Bruer, A.: Ny undersøkelse: Stort etterslep på mellomlederes IT-kompetanse i offentlig sector. digi. no, 09 August 2017

    Google Scholar 

  2. Baugerød Stokke, O.P.: Advarer it-sjefer mot effektivitet. Computerworld, 23 March 2009

    Google Scholar 

  3. Office of the Auditor General of Norway, admin report nb. 1 (2018)

    Google Scholar 

  4. NOU 13 Lysne commitee: Digital vulnerability – safe society (2015)

    Google Scholar 

  5. NorSIS: The study of municipalities common need of competence-center to deal with handling ICT-security incidents (2017)

    Google Scholar 

  6. Lagadec, P.: Preventing Chaos in a Crisis Strategies for Prevention, Control and Damage Limitation (1993). Preface: tools for thinking about, preventing, and managing crisis ix

    Google Scholar 

  7. DSB: Municipality Guidance, Emergency Duty (2017)

    Google Scholar 

  8. Walker, B., Holling, C.S., Carpenter, S.R., Kinzig, A.: Resilience, adaptability and transformability in social–ecological systems. Ecol. Soc. 9(2), 1–9 (2004)

    Google Scholar 

  9. De Bruijne, M., Van Eeten, M.: Systems that should have failed: critical infrastructure protection in an institutionally fragmented environment. J. Contingencies Crisis Manag. 15(1), 18–29 (2007)

    CrossRef  Google Scholar 

  10. De Guzman, E.M.: Towards total disaster risk management approach (2002)

    Google Scholar 

  11. Haigh, R., Amaratunga, D.: An integrative review of the built environment discipline’s role in the development of society’s resilience to disasters. Int. J. Disaster Resil. Built Environ. 1(1), 11–24 (2010)

    CrossRef  Google Scholar 

  12. Anderson, E.: How to comly with the 5 functions of the NIST cybersecurity framework. Forecoun (2017). https://www.secmatters.com/blog/how-to-comply-with-the-5-functions-of-the-nist-cybersecurity-framework

  13. Kulikova, O., Heil, R., Van Den Berg, J., Pieters, W.: Cyber Crisis Management: a decision-support framework for disclosing security incident information. In: Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012, pp. 103–112 (2013)

    Google Scholar 

  14. FEMA: The Federal Emergency Management Agency Publication 1 (2016)

    Google Scholar 

  15. Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597–611 (2012)

    CrossRef  Google Scholar 

  16. van der Aalst, W.M.P.: Data scientist: the engineer of the future. In: Mertins, K., Bénaben, F., Poler, R., Bourrières, J.-P. (eds.) Enterprise Interoperability VI. PIC, vol. 7, pp. 13–26. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04948-9_2

    CrossRef  Google Scholar 

  17. Moynihan, D.P.: The network governance of crisis response: case studies of incident command systems. J. Public Adm. Res. Theory 19(4), 895–915 (2009)

    CrossRef  Google Scholar 

  18. FEMA: National incident management system (2017)

    Google Scholar 

  19. Locke, G., Gallagher, P.D.: Managing Information Security Risk Organization, Mission, and Information System View Joint Task Force Transformation Initiative, pp. 800–839. NIST Special Publication (2011)

    Google Scholar 

  20. Boeke, S.: National cyber crisis management: different European approaches. Governance 31(3), 449–464 (2018)

    CrossRef  Google Scholar 

  21. Kowalski, S.: IT insecurity: a multi-disciplinary inquiry. Stockholm University (1994)

    Google Scholar 

  22. Kuechler, W., Vaishnavi, V.: A framework for theory development in design science research: multiple perspectives (2012)

    Google Scholar 

  23. Karokola, G.R.: A framework for Securing e-Government Services: the case of Tanzania. Stockholm University (2012)

    Google Scholar 

  24. Justis-og beredskapsdepartementet: Lov om kommunal beredskapsplikt, sivile beskyttelsestiltak og Sivilforsvaret (sivilbeskyttelsesloven). Norwegian Government (2010)

    Google Scholar 

  25. DSB: Guidance to holistic risk and vulnerability assessment in the municipality. DSB (2019)

    Google Scholar 

  26. Norwegian government, FOR-2011-08-22-894. Norwegian Government (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Grethe Østby .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 IFIP International Federation for Information Processing

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Østby, G., Katt, B. (2020). Cyber Crisis Management Roles – A Municipality Responsibility Case Study. In: Murayama, Y., Velev, D., Zlateva, P. (eds) Information Technology in Disaster Risk Reduction. ITDRR 2019. IFIP Advances in Information and Communication Technology, vol 575. Springer, Cham. https://doi.org/10.1007/978-3-030-48939-7_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-48939-7_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-48938-0

  • Online ISBN: 978-3-030-48939-7

  • eBook Packages: Computer ScienceComputer Science (R0)