Information Security Incident Management: An Empirical Study of Current Practice
MetadataShow full item record
An increasing use of digital solutions suggests that organizations today are more exposed to attacks than before. Recent reports show that attacks get more advanced and that attackers choose their targets more wisely. Despite preventive measures being implemented, incidents occur occasionally. This calls for effective and efficient information security incident management. Several standards and guidelines addressing incident management exist. However, few studies of current practices have been conducted. In this thesis an empirical study was conducted where organizations' incident management practices were studied. The research was conducted as a case study of three large Norwegian organizations, where the data collection methods were interviews and document studies. Our findings show that the organizations were relatively compliant with standards and guidelines for incident management, but that there was still room for improvements. We found communication, information dissemination, employee involvement, experience and allocation of responsibilities to be important factors to an effective and efficient incident management process. Finally, we contribute with recommendations for performing successful information security incident management. We recommend organizations to use standards and guidelines as a basis for incident management, conduct regular rehearsals, utilize employees as part of the sensor network in incident detection and to conduct awareness campaigns for employees.