Skip to main content

Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study

  • Conference paper
  • First Online:
Developments and Advances in Defense and Security

Abstract

The number of threats and vulnerabilities has increased rapidly in recent years. For this reason, organizations are in need of providing improvements in their computer security incident management (CSIM), in order to safeguard their intellectual capital. Therefore, the identification and use of both metrics and indicators are a crucial factor to manage security incidents. In this context, organizations try to improve their level of CSIM based on standards or only according to their criteria based on their experience. This article aims at carrying out a systematic mapping study of academic articles conducted in this research area, in order to present a document that describes metrics and indicators of security incidents in organizations. The results of this work show and describe several key indicators and metrics related to the cost, quality, and service (time) involved in dealing with such incidents. Also, it is expected that this study serves as a strategic reference for organizations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Miloslavskaya, N.: Security operations centers for information security incident management. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), pp. 131–136 (2016)

    Google Scholar 

  2. Bernsmed, K., Tondel, I.A.: Forewarned is forearmed: indicators for evaluating information security incident management. In: 2013 IEEE Seventh International Conference on IT Security Incident Management and IT Forensics, pp. 3–14 (2013)

    Google Scholar 

  3. Hajdarevic, K., Allen, P.: A new method for the identification of proactive information security management system metrics. In: 2013 IEEE 36th International Convention on Information & Communication Technology Electronics & Microelectronics (MIPRO), pp. 1121–1126. (2013)

    Google Scholar 

  4. Thomson, W., Kelvin, L.: Baltimore Lectures. CJC a. Sons, Ed., London (1904)

    Google Scholar 

  5. Petersen, K., Vakkalanka, S., Kuzniarz, L.: Guidelines for conducting systematic mapping studies in software engineering: an update. Inf. Softw. Technol. 64, 1–18 (2015)

    Article  Google Scholar 

  6. Elberzhager, F., Münch, J., Nha, V.T.N.: A systematic mapping study on the combination of static and dynamic quality assurance techniques. Inf. Softw. Technol. 54(1), 1–15 (2012)

    Article  Google Scholar 

  7. Miani, R.S., Zarpelao, B.B., Sobesto, B., Cukier, M.: A practical experience on evaluating intrusion prevention system event data as indicators of security issues. In: 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS), pp. 296–305 (2015)

    Google Scholar 

  8. Boutaba, R., Salahuddin, M.A., Limam, N., Ayoubi, S., Shahriar, N., Estrada-Solano, F., Caicedo, O.M.: A comprehensive survey on machine learning for networking: evolution, applications and research opportunities. J. Internet Serv. Appl. 9(1), 16 (2018)

    Article  Google Scholar 

  9. Senk, C.: Adoption of security as a service. J. Internet Serv. Appl. 4(1), 11 (2013)

    Article  Google Scholar 

  10. Takamura, E., Mangum, K., Wasiak, F., Gomez-Rosa, C.: Information security considerations for protecting NASA mission operations centers (mocs). In: 2015 IEEE Aerospace Conference, pp. 1–14 (2015)

    Google Scholar 

  11. Skopik, F., Wurzenberger, M., Settanni, G., Fiedler, R.: Establishing national cyber situational awareness through incident information clustering. In: 2015 IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1–8 (2015)

    Google Scholar 

  12. Zieger, A., Freiling, F., Kossakowski, K.P.: The β-time-to-compromise metric for practical cyber security risk estimation. In: 2018 IEEE 11th International Conference on IT Security Incident Management & IT Forensics (IMF). pp. 115–133 (2018)

    Google Scholar 

  13. Bustamante, F., Fuertes, W., Díaz, P., Toulkeridis, T.: Integration of IT frameworks for the management of information security within industrial control systems providing metrics and indicators. In: 2017 IEEE XXIV International Conference on Electronics, Electrical Engineering and Computing (INTERCON), pp. 1–4 (2017)

    Google Scholar 

  14. Munro, J.K.: Application of security metrics to instrument systems that use distributed processing. In: Future of Instrumentation International Workshop (FIIW), 2011, pp. 5–8 (2011)

    Google Scholar 

  15. Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. NIST Spec. Publ. 800(82), 16 (2011)

    Google Scholar 

  16. Rose, K.H.: A guide to the Project Management Body of Knowledge (PMBOK® Guide)—Fifth Edition. Proj. Manag. J. 44(3), e1–e1 (2013)

    Article  Google Scholar 

  17. Lloyd, V.: ITIL Continual Service Improvement (Best Management Practices). The Stationery Office (2011)

    Google Scholar 

  18. ISACA: COBIT 5: A business framework for the governance and management of enterprise IT. ISACA (2012)

    Google Scholar 

  19. McQueen, M.A., Boyer, W.F., Flynn, M.A., Beitel, G.A.: Time-to-compromise model for cyber risk reduction estimation. In: Quality of Protection, pp. 49–64. Springer (2006)

    Google Scholar 

  20. Øien, K., Massaiu, S., Tinmannsvik, R.K.: Guideline for implementing the REWI method; Resilience based Early Warning Indicators. SINTEF report A 22026 (2012)

    Google Scholar 

  21. Information Technology—Security Techniques—Information Security Incident Management. Standard, International Organization for Standardization, Geneva, CH (2011)

    Google Scholar 

  22. Cichonski, P., Millar, T., Grance, T., Scarfone, K.: Computer security incident handling guide. NIST Spec. Publ. 800(61), 1–147 (2012)

    Google Scholar 

  23. ANSI/ISA: Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models. Tech. rep., American National Standards Institute/International Society of Automation (ANSI/ISA) (2007)

    Google Scholar 

  24. ANSI/ISA: Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program. Tech. rep., American National Standards Institute/International Society of Automation (ANSI/ISA) (2009)

    Google Scholar 

  25. ISO/IEC: Information Technology—Security Techniques—Information Security Management—Measurement (ISO/IEC 27004: 2009). ISO/IEC (2009)

    Google Scholar 

  26. Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., Robinson, W.: NIST Special Publication 800–55 Revision 1. Performance Measurement Guide for Information Security, National Institute of Standards and Technology, US Department of Commerce. Computer Division, Gaithersburg, MD 20899, 8930 (2008)

    Google Scholar 

  27. Verdugo, R.P.: Estado de las tecnologías de la información y la comunicación en las universidades ecuatorianas. CEDIA (2017)

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank the financial support of the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) in the development of this work, under Research Team GT-II-Cybersecurity.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Luis Tello-Oquendo .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cadena, A. et al. (2020). Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study. In: Rocha, Á., Pereira, R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol 152. Springer, Singapore. https://doi.org/10.1007/978-981-13-9155-2_40

Download citation

Publish with us

Policies and ethics