Title :
Cyber Crisis Management: A Decision-Support Framework for Disclosing Security Incident Information
Author :
Kulikova, Olga ; Heil, R. ; van den Berg, Jan ; Pieters, Wolter
Author_Institution :
ICT Security & Control, KPMG, Amstelveen, Netherlands
Abstract :
The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal fines, and restore confidence and trust of a company's key stakeholders. In this paper, four factors that shape organizational preferences regarding incident information disclosure are introduced. Together, they create a set of challenges for a company when deciding to whom, when, what, and how to share cyber security incident information. We further propose a decision-support framework that provides step-by-step guidance for organizations to address these challenges, and develop an appropriate incident disclosure strategy.
Keywords :
decision support systems; organisational aspects; security of data; company stakeholder confidence; company stakeholder trust; cyber attacks; cyber crisis management; cyber security incident information disclosure strategy; cyber security incidents; data leaking; decision-support framework; incident response activity effectiveness improvement; incident response activity timeliness improvement; legal fine reduction; organizational preferences; Cyber security; incident response; information disclosure; internal and external stakeholders;
Conference_Title :
Cyber Security (CyberSecurity), 2012 International Conference on
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4799-0219-4
DOI :
10.1109/CyberSecurity.2012.20