A post-mortem incident modeling method
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2009 (English). In: 2009 International Conference on Availability, Reliability and Security (ARES), Vol. 1-2, IEEE, 2009, 1018-1023 p. Conference paper, Published paper (Refereed)
Abstract [en]

Incident post-mortem analysis after recovery from incidents is recommended by most incident response experts. An analysis of why and how an incident happened is crucial for determining appropriate countermeasures to prevent the recurrence of the incident. Currently, there is a lack of structured methods for such an analysis, which would identify the causes of a security incident. In this paper, we present a structured method to perform the post-mortem analysis and to model the causes of an incident visually in a graph structure. This method is an extension of our earlier work on modeling software vulnerabilities. The goal of modeling incidents is to develop an understanding of what could have caused the security incident and how its recurrence can be prevented in the future. The method presented in this paper is intended to be used during the post-mortem analysis of incidents by incident response teams.

Place, publisher, year, edition, pages
IEEE, 2009. 1018-1023 p.
Keyword [en]
Incident response, incident cause graph, incident modeling, post-mortem analysis
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-43575
DOI: 10.1109/ARES.2009.108
ISI: 000270612000157
Local ID: 74252
ISBN: 978-1-4244-3572-2 (print)
ISBN: e-978-0-7695-3564-7
OAI: oai:DiVA.org:liu-43575
DiVA: diva2:264435
Conference
4th International Conference on Availability, Reliability and Security (ARES 2009), 16-19 March 2009, Fukuoka, Japan
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2014-06-24

Authority records

Ardi, Shanai; Shahmehri, Nahid
