Incident Management Capability Metrics Version 0.1

Dorofee, Audrey; Killcrece, Georgia; Ruefle, Robin; Zajicek, Mark

Incident Management Capability Metrics Version 0.1

Active / Technical Report | Accession Number: ADA468688 |

Open PDF

Abstract:

Successful management of incidents that threaten an organizations cyber security is a complex endeavor. Frequently an organizations primary focus on the response aspects of security incidents results in its failure to manage incidents beyond simply reacting to threatening events. The metrics presented in this document are intended to provide a baseline or benchmark of incident management practices. The incident management functions provided in a series of questions and indicators define the actual benchmark. The questions explore different aspects of incident management activities for protecting, defending, and sustaining an organizations computing environment in addition to conducting appropriate response actions. This benchmark can be used by an organization to assess how its current incident management capability is defined, managed, measured, and improved. This will help assure the system owners, data owners, and operators that their incident management services are being delivered with a high standard of quality and success, and within acceptable levels of risk.

Author(s):

Dorofee, Audrey ; Killcrece, Georgia ; Ruefle, Robin ; Zajicek, Mark

Author Organization(s):

OFFICE OF THE PROJECT MANAGER RADAR SYSTEMS INTEL AND C3CM SYSTEMS HANSCOM AFB MA

Descriptive Note:

Final rept.

Supplementary Note:

The original document contains color images. DOI: 10.21236/ADA468688

Pagination:

0229

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU/SEI-2007-TR-008, ESC-TR-2007-008

Contract/Grant Number(s):

FA8721-05-C-0003

Monitor Series:

ESC/MA

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_5.3_Planning; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_6_Net Centric; JCA_5.2_Understand; JCA_4.2_Supply; JCA_4.2.1_Manage Supplies and Equipment; JCA_4.5_Operational Contract Support; JCA_4.5.1_Contract Support Integration; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_5.5_Direct; JCA_6.4.3_Respond to Attack Event; JCA_6.4.1_Secure Information Exchange; JCA_5.5.1_Communicate Intent and Guidance; JCA_7_Protection; JCA_5.3.2_Apply Situational Understanding; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_7.2_Mitigate

Communities of Interest:

Cyber

Descriptor(s):

*ELECTRONIC SECURITY, MONITORING, COMPUTER OPERATORS, RISK ANALYSIS, COMPUTER CRIMES, RISK MANAGEMENT, COMPUTER BENCHMARKING, COMPUTER NETWORKS

Field(s)/Group(s):

Computer Programming and Software, Computer Systems Management and Standards

Keyword(s):

INCIDENT MANAGEMENT CAPABILITY METRICS, MALWARE PROTECTION, COMPUTER SECURITY INCIDENTS

Report Date:

2007 Apr 01

Creation Date:

2007 Jun 27