Background: Our reliance on IT increases the impact of each IT security incident, often making it a costly catastrophe. IT security guidelines and standards aim at recommending security measures that should prevent IT security catastrophes. However, guidelines and standards tend to be very broad and are not always up to date with security recommendations that protect against the latest threats.
Objective: This work builds up a checklist on how to learn from the latest IT security catastrophes after they have happened. After immediate firefighting has ended, our checklist can be used by both practitioners and researchers and offers suggestions on how IT security catastrophes can be analysed.
Methods: We iteratively analysed literature on past IT security catastrophes to build a checklist that considers practice as well as research, in order to help learning from IT security catastrophes. We chose the IT security catastrophes that best reflect our defined IT security catastrophe spectrum. Finally, we provided an exemplary instantiation of the developed checklist on the IT security catastrophe caused by the ransomware WannaCry.
Results: As a result, we developed a checklist that enables both practitioners and researchers to analyse IT security catastrophes in a structured manner after immediate firefighting has ended. In addition, we provided a definition that helps classify an IT security issue as a catastrophe.
Conclusion: Further iterations with the most recent IT security catastrophes are advised to continually improve our checklist. Our work thereby contributes to the awareness of how important it is to build methods in order to learn from past catastrophes.