TY - JOUR
T1 - The future of information security incident management training
T2 - A case study of electrical power companies
AU - Bartnes, Maria
AU - Moe, Nils Brede
AU - Heegaard, Poul E.
N1 - Publisher Copyright:
© 2016 Elsevier Ltd. All rights reserved.
PY - 2016/8/1
Y1 - 2016/8/1
N2 - Recent attacks and threat reports indicate that industrial control organizations are attractive targets for attacks. Emerging threats create the need for a well-established capacity for responding to unwanted incidents. Such a capacity is influenced by organizational, human, and technological factors. We have conducted extensive fieldwork for 2.5 years in Norwegian electric power companies with the aim of identifying challenges for improving information security incident management practices. Semi-structured interviews, document analysis, a survey and participant observations have been performed as part of this case study. We describe how training for responding to information security incidents is given low priority and that different types of personnel, such as business managers and technical personnel, have different perspectives and priorities in regard to information security. Moreover, there is a gap in how IT staff and control system staff understand information security. Furthermore, cross-functional teams need to be created to ensure a holistic view during the incident response process. To improve the capacity for responding to incidents, organizations need regular training sessions and systematic evaluations after such sessions. There is also the potential for improvement in evaluating minor incidents. A transition from an ad hoc approach to a systematic approach in training and learning requires a reorientation not only by the electric power companies but also by management. We found that learning to learn will enable the organizations to improve their incident response practices.
AB - Recent attacks and threat reports indicate that industrial control organizations are attractive targets for attacks. Emerging threats create the need for a well-established capacity for responding to unwanted incidents. Such a capacity is influenced by organizational, human, and technological factors. We have conducted extensive fieldwork for 2.5 years in Norwegian electric power companies with the aim of identifying challenges for improving information security incident management practices. Semi-structured interviews, document analysis, a survey and participant observations have been performed as part of this case study. We describe how training for responding to information security incidents is given low priority and that different types of personnel, such as business managers and technical personnel, have different perspectives and priorities in regard to information security. Moreover, there is a gap in how IT staff and control system staff understand information security. Furthermore, cross-functional teams need to be created to ensure a holistic view during the incident response process. To improve the capacity for responding to incidents, organizations need regular training sessions and systematic evaluations after such sessions. There is also the potential for improvement in evaluating minor incidents. A transition from an ad hoc approach to a systematic approach in training and learning requires a reorientation not only by the electric power companies but also by management. We found that learning to learn will enable the organizations to improve their incident response practices.
KW - Cross-functional teams
KW - Incident management
KW - Incident response
KW - Information security
KW - Learning to learn
UR - http://www.scopus.com/inward/record.url?scp=84970956263&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2016.05.004
DO - 10.1016/j.cose.2016.05.004
M3 - Article
AN - SCOPUS:84970956263
SN - 0167-4048
VL - 61
SP - 32
EP - 45
JO - Computers and Security
JF - Computers and Security
ER -