EEMCS EPrints Service
Kulikova, O. and Heil, R. and van den Berg, Jan and Pieters, W. (2012) Cyber crisis management: a decision-support framework for disclosing security incident information. In: International Conference on Cyber Security, CyberSecurity 2012, 14-16 Dec 2012, Washington, USA. pp. 103-112. Cyber Security (CyberSecurity), 2012 International Conference . IEEE Computer Society. ISBN 978-1-4799-0219-4
Full text available as:
Official URL: http://dx.doi.org/10.1109/CyberSecurity.2012.20
The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal fines, and restore confidence and trust of a company's key stakeholders. In this paper, four factors that shape organizational preferences regarding incident information disclosure are introduced. Together, they create a set of challenges for a company when deciding to whom, when, what, and how to share cyber security incident information. We further propose a decision-support framework that provides step-by-step guidance for organizations to address these challenges, and develop an appropriate incident disclosure strategy.
Export this item as:
To correct this item please ask your editor
Repository Staff Only: edit this item