TY - GEN
T1 - How good is your data? Investigating the quality of data generated during security incident response investigations
AU - Grispos, George
AU - Glisson, William Bradley
AU - Storer, Tim
N1 - Publisher Copyright: © 2019 IEEE Computer Society. All rights reserved.
PY - 2019
Y1 - 2019
N2 - An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization's security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study identifying data quality challenges in a Fortune 500 organization's incident response team. Furthermore, the paper provides the foundation for future research regarding data quality concerns in security incident response.
UR - http://www.scopus.com/inward/record.url?scp=85108151981&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108151981&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85108151981
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 7156
EP - 7165
BT - Proceedings of the 52nd Annual Hawaii International Conference on System Sciences, HICSS 2019
A2 - Bui, Tung X.
PB - IEEE Computer Society
T2 - 52nd Annual Hawaii International Conference on System Sciences, HICSS 2019
Y2 - 8 January 2019 through 11 January 2019
ER -