Publication
Knowledge management system for cybersecurity incident response
| Abstract: | This research focuses on developing a Knowledge Management System (KMS) designed to enhance collaboration and efficiency in cybersecurity Incident Response (IR) procedures. Cybersecurity IR is critical for detecting, mitigating, and recovering from cyber threats, with well-structured Incident Response Plans (IRPs) necessary for minimizing disruptions and protecting sensitive information. However, many organizations face challenges, such as resource constraints, fragmented knowledge sharing, and inconsistent response strategies. This study aims to address these gaps by proposing a KMS design that facilitates collaboration, improves knowledge exchange, and streamlines incident management through shared response playbooks. Using a Design Science Research (DSR) methodology, the KMS was designed through iterative expert engagement, use case analysis, and mockup validation. The system features a modular architecture and provides tools for playbook creation, feedback mechanisms, and real-time collaboration, all while maintaining the security of the data. Upon obtaining validation from domain experts, the results demonstrated the KMS’s effectiveness in improving access to knowledge, fostering collaboration among response teams, and standardizing incident handling processes. This research has broad implications for cybersecurity practices, promoting proactive and adaptive response strategies and enhancing organizational resilience against evolving cyber threats. |
|---|---|
| Main authors: | Rodrigues, Miriam Isabel Farinha |
| Subject: | Collaboration; Knowledge management system; Incident response; Cybersecurity; Playbooks |
| Year: | 2024 |
| Country: | Portugal |
| Document type: | master's dissertation |
| Access type: | open access |
| Associated institution: | ISCTE |
| Language: | English |
| Source: | Repositório ISCTE |