• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Øvrige samlinger
  • Publikasjoner fra CRIStin - NTNU
  • View Item
  •   Home
  • Øvrige samlinger
  • Publikasjoner fra CRIStin - NTNU
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Challenges in IT Security Preparedness Exercises: A Case Study

Bartnes, Maria; Moe, Nils Brede
Journal article, Peer reviewed
Thumbnail
View/Open
Challenges+in+IT+Security+Preparedness+Exercises.pdf (1.259Mb)
URI
http://hdl.handle.net/11250/2427618
Date
2016
Metadata
Show full item record
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1558]
  • Publikasjoner fra CRIStin - NTNU [19694]
Original version
10.1016/j.cose.2016.11.017
Abstract
The electric power industry is currently implementing major technological changes in order to achieve the goal of smart grids. However, these changes are expected to increase the susceptibility of the industry to IT security incidents. IT security preparedness exercises are not commonly performed in the electric power industry, even though this industry is considered part of society's critical infrastructure. Resolving an IT security incident requires inter-departmental collaborations between various categories of personnel, and to successfully achieve this, training is required. The process of preparing a response to incidents enhances the nature of collaboration, coordination, and communication within an organization. Our objective is to understand the challenges faced when performing IT security preparedness exercises, as challenges experienced during these exercises affect the response process during a real incident. By improving the exercises, the response capabilities would be strengthened accordingly. We have designed a multiple-case study with six teams in three organizations. We collected data by performing semi-structured interviews, participant observations, and from process artifacts. We identified six main challenges involving team composition and external expert involvement, goal definition, documentation, and time management. In summary, there are many ways of conducting preparedness exercises. Therefore, organizations need to both optimize current exercise practices and experiment with new ones in order to ensure continuous learning and improvement; hence, they can be adequately prepared to respond to IT security incidents.
Publisher
Elsevier
Journal
Computers & security

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit