KIT | KIT-Bibliothek | Impressum | Datenschutz

Learning from IT Security Catastrophes: A Post Catastrophe Analysing Checklist

Traup, Felix; Speck, Christina; Deckers, Felix; Lorenz, Peter


Background: Our reliance on IT increases the impact of each IT security incident, often making them a costly catastrophe. IT security guidelines and standards aim at recommending security measures, that should prevent IT security catastrophes. However, guidelines and standards tend to be very brought and are not always up to date on security recommendations, protecting from the latest threats.
Objective: This work builds up a checklist on how to learn from the latest IT security catastrophes after they have happened. After immediate firefighting has ended, our checklist can be used by both practitioners and researchers and offers suggestions on how IT security catastrophes can be analysed.
Methods: We iteratively analysed literature on past IT security catastrophes to build a checklist that considers practice as well as research, to help learning from IT security catastrophes. We chose IT security catastrophes, that best reflect our defined IT security catastrophe spectrum. Finally, we provided an exemplary instantiation of the developed checklist on the IT security catastrophe caused by the ransomware WannaCry.
Results: As a result, we developed a checklist that enables both practitioners and researchers to analyse IT security catastrophes in a structured manner after immediate firefighting has ended. ... mehr

Verlagsausgabe §
DOI: 10.5445/IR/1000138902
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Publikationstyp Buchaufsatz
Publikationsmonat/-jahr 10.2021
Sprache Englisch
Identifikator KITopen-ID: 1000139019
Erschienen in cii Student Papers - 2021. Ed.: A. Sunyaev
Verlag Karlsruher Institut für Technologie (KIT)
Seiten 73-106
Schlagwörter IT security catastrophe, IT security, IT security guidelines, IT security standards, cyber security, security incident
Relationen in KITopen
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page