Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

23955 Cyber crisis management: a decision-support framework for disclosing security incident information
Home Policy Brochure Browse Search User Area Contact Help

Kulikova, O. and Heil, R. and van den Berg, Jan and Pieters, W. (2012) Cyber crisis management: a decision-support framework for disclosing security incident information. In: International Conference on Cyber Security, CyberSecurity 2012, 14-16 Dec 2012, Washington, USA. pp. 103-112. Cyber Security (CyberSecurity), 2012 International Conference . IEEE Computer Society. ISBN 978-1-4799-0219-4

Full text available as:


376 Kb
Open Access

Official URL:

Exported to Metis


The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal fines, and restore confidence and trust of a company's key stakeholders. In this paper, four factors that shape organizational preferences regarding incident information disclosure are introduced. Together, they create a set of challenges for a company when deciding to whom, when, what, and how to share cyber security incident information. We further propose a decision-support framework that provides step-by-step guidance for organizations to address these challenges, and develop an appropriate incident disclosure strategy.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-DIES: Distributed and Embedded Security
Uncontrolled Keywords:Cyber Crisis Management: decision-support, framework, disclosing security,
incident information
ID Code:23955
Deposited On:20 November 2013
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item