000000132 001__ 132
000000132 005__ 20130522141942.0
000000132 037__ $$aLERSSE-RefConfPaper-2007-024
000000132 041__ $$aeng
000000132 100__ $$aRodrigo Werlinger 
000000132 100__ $$aDavid Botta
000000132 245__ $$aDetecting, Analyzing and Responding to Security Incidents: A Qualitative Analysis
000000132 260__ $$c2007-06-13
000000132 520__ $$aThis study develops categories of responses to security incidents, based on a grounded theory analysis of interviews with security practitioners, with a focus on the tasks performed during security incidents and the resources necessary to perform these tasks. The results include a list of types of incidents, a model for the tasks, the skills employed, and the strategies used during security incidents. A security incident can be understood in terms of three stages: detection, analysis, and response. Each stage comprises tasks that are performed using different skills, strategies, and resources. We also recommend that development of security tools focus on: correlation of multiple sources of information, including the activities of different projects in distributed environments; and a better trade-off between portability and visualization.
000000132 6531_ $$ahot admin
000000132 6531_ $$asecurity tasks
000000132 6531_ $$aresources
000000132 6531_ $$acollaborative work
000000132 6531_ $$asecurity incident
000000132 8560_ $$frodrigow@ece.ubc.ca
000000132 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/132/files/132.pdf$$yTransfer from CDS 0.99.7
000000132 909C4 $$pRodrigo Werlinger, David Botta, "Detecting, Analyzing and Responding to Security Incidents: A Qualitative Analysis," in Workshop on Usable IT Security Management (USM'07), July 18, 2007, Pittsburgh, PA, USA.
000000132 980__ $$aRefConfPaper