Til hovedinnhold
Norsk English

Information security incident management: Current practice as reported in the literature

Sammendrag

This paper reports results of a systematic literature review on current practice and experiences with incident management, covering a wide variety of organisations. Identified practices are summarised according to the incident management phases of ISO/IEC 27035. The study shows that current practice and experience seem to be in line with the standard. We identify some inspirational examples that will be useful for organisations looking to improve their practices, and highlight which recommended practices generally are challenging to follow. We provide suggestions for addressing the challenges, and present identified research needs within information security incident management.

Kategori

Vitenskapelig artikkel

Språk

Engelsk

Institusjon(er)

  • SINTEF Digital / Software Engineering, Safety and Security
  • Norges teknisk-naturvitenskapelige universitet

År

2014

Publisert i

Computers & Security

ISSN

0167-4048

Forlag

Elsevier

Årgang

45

Side(r)

42 - 57

Vis denne publikasjonen hos Cristin