On the enhancement of data quality in security incident response investigations

Grispos, George (2016) On the enhancement of data quality in security incident response investigations. PhD thesis, University of Glasgow.

Full text available as:
Download (4MB) | Preview
Printed Thesis Information: https://eleanor.lib.gla.ac.uk/record=b3153428


Security incidents detected by information technology-dependent organisations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organisations in an effort to minimise the damage from security incidents. To help organisations develop security incident response capabilities, several security incident response approaches and best practice guidelines have been published in both industry and academia. The final phase within many of these approaches and best practices is the ‘feedback’ or ‘follow-up’ phase. Within this phase, it is expected that an organisation will learn from a security incident and use this information to improve its overall information security posture. However, researchers have argued that many organisations tend to focus on eradication and recovery instead of learning from a security incident.

An exploratory case study was undertaken in a Fortune 500 Organisation to investigate security incident learning in practice within organisations. At a high-level, the challenges and problems identified from the case study suggests that security incident response could benefit from improving the quality of data generated from and during security investigations. Therefore, the objective of this research was to improve the quality of data in security incident response, so that organisations can develop deeper insights into security incident causes and to assist with security incident learning.

A supplementary challenge identified was the need to minimise the time-cost associated with any changes to organisational processes. Therefore, several lightweight measures were created and implemented within the case study organisation. These measures were evaluated in a series of longitudinal studies that collected both quantitative and qualitative data from the case study organisation.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Keywords: Security incident response, data quality, case study, cybercrime.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Storer, Dr. Tim
Date of Award: 2016
Depositing User: Mr George Grispos
Unique ID: glathesis:2016-7293
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 09 May 2016 15:58
Last Modified: 26 May 2016 08:53
URI: http://theses.gla.ac.uk/id/eprint/7293

Actions (login required)

View Item View Item


Downloads per month over past year