Improving Incident Management Processes with Feature Models

Authors

  • Karam Mustafa Ignaim Al-Balqa Applied University, Salt, Jordan
  • João M. Fernandes Universidade do Minho, Centro ALGORITMI, Braga, Portugal

DOI:

https://doi.org/10.13052/jcsm2245-1439.1346

Keywords:

Incident management process, cyberattack, incident response team, feature model

Abstract

A cybersecurity incident is any event that directly or indirectly affects the confidentiality, integrity, or availability of a system or a service (or its data). The aim of a cyber-incident management process is to restore normal service levels as quickly as possible by mitigating or eliminating the effects of service disruptions. During the different phases of a cyber-incident management process, the documentation can be confusing and difficult to comprehend, which makes the process ineffective. This paper aims to improve existing cyber-incident management processes by introducing feature models to handle incident documentation, classification, prioritisation, and mitigation. An example of an improved cyber-incident process is evaluated with respect to its efficiency and effectiveness by conducting two case studies. The results of this work reveal that the improved process increases efficiency in addressing and repairing cyber-incidents by reducing the incident response time.

Author Biographies

Karam Mustafa Ignaim, Al-Balqa Applied University, Salt, Jordan

Karam Mustafa Ignaim is an assistant professor at Al Balqa Applied University, Jordan. She received her BSc degree in Information Technology and her MSc degree in Computer Science, both from Al Balqa Applied University, and her PhD degree in Software Engineering from the University of Minho, Portugal. Her research interests include software product lines, feature modelling, software reuse, cybersecurity, and software maintenance.

João M. Fernandes, Universidade do Minho, Centro ALGORITMI, Braga, Portugal

João M. Fernandes is a full professor at Universidade do Minho, Portugal. He conducts his research activities in software engineering, with a special interest in software modelling, requirements engineering and software business. He is the main author of the book ‘Requirements in Engineering Projects’, published by Springer in 2016. He has been involved in the organisation of various international events, including ACSD 2003, DIPES 2006, GTTSE 2009, PETRI NETS 2010, ACSD 2010, the MOMPES Workshop Series (2003–2012) and ICSOB 2015.

Published

2024-06-14

How to Cite

Ignaim KM, Fernandes JM. Improving Incident Management Processes with Feature Models. JCSANDM [Internet]. 2024 Jun. 14 [cited 2024 Jul. 22];13(04):701-24. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/24357

Section

Cyber Security Issues and Solutions