Mouratidis, Haralambos and Islam, Shareeful and Santos-Olmo, Antonio and Sanchez, Luis E and Ismail, Umar Mukhtar (2023) Modelling Language for Cyber Security Incident Handling for Critical Infrastructures. Computers and Security, 128. p. 103139. DOI https://doi.org/10.1016/j.cose.2023.103139
Mouratidis, Haralambos and Islam, Shareeful and Santos-Olmo, Antonio and Sanchez, Luis E and Ismail, Umar Mukhtar (2023) Modelling Language for Cyber Security Incident Handling for Critical Infrastructures. Computers and Security, 128. p. 103139. DOI https://doi.org/10.1016/j.cose.2023.103139
Mouratidis, Haralambos and Islam, Shareeful and Santos-Olmo, Antonio and Sanchez, Luis E and Ismail, Umar Mukhtar (2023) Modelling Language for Cyber Security Incident Handling for Critical Infrastructures. Computers and Security, 128. p. 103139. DOI https://doi.org/10.1016/j.cose.2023.103139
Abstract
Cyber security incident handling is a consistent methodology with which to ensure overall business continuity. However, specifically handling incidents for critical information infrastructures is challenging owing to the inherent complexity and evolving nature of the threat. Despite the number of contributions made to cyber incident handling, there is little evidence of literature that focuses on modelling activities that will enhance developers’ abilities to model incident handling processes and activities according to different views. Modelling languages of this nature should integrate essential concepts and a descriptive implementation process in order to enable developers to analyse, represent and reason about the crucial incident handling efforts required to support critical information infrastructures. The aim of this paper is, as part of the CyberSANE EU project, to develop a Cyber Incident Handling Modelling Language (CIHML) that focuses explicitly on modelling incident handling in the context of a critical information infrastructure. The work is innovative in its approach because it consolidates concepts from various domains such as security requirements, forensics, threat intelligence, critical infrastructures and cyber incident handling. The approach will allow the phases of the incident handling lifecycle to be modelled from three different views (critical information infrastructures, threat and risk analysis, and incident response). An implementation process is also proposed, which will serve as a comprehensive guide for developers in order to create these modelling views. Finally, CIHML is evaluated using a real-life scenario from the CyberSANE project to demonstrate its applicability. The incident observed had a severe impact on the overall business continuity of the context studied. The results obtained from the study show that CIHML can help critical information infrastructure operators to identify, evaluate, represent and model cyber incidents in critical information systems, in addition to providing the support required to determine the response strategies needed in order to mitigate these cyber-attacks.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Critical infrastructure; Meta-model; Incident response; Cyber incident; Cyber course of action; Cyber threat intelligence; Security requirements |
Divisions: | Faculty of Science and Health Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 01 Mar 2023 20:04 |
Last Modified: | 16 May 2024 21:43 |
URI: | http://repository.essex.ac.uk/id/eprint/34914 |
Available files
Filename: 1-s2.0-S0167404823000494-main.pdf
Licence: Creative Commons: Attribution 4.0