Comparative Assessment of US Cyber Incident Response Systems

doi:10.26565/2519-2310-2023-1-03

Oleksandr Peliukh V. N. Karazin Kharkiv National University https://orcid.org/0000-0003-0507-0262
Maryna Yesina V. N. Karazin Kharkiv National University https://orcid.org/0000-0002-1252-7606
Dmytro Holubnychyi JSC "IIT" https://orcid.org/0000-0002-1252-7606

DOI: https://doi.org/10.26565/2519-2310-2023-1-03

Keywords: Cyber incident response, NIST CSF, CISA, Risk management, Security frameworks

Abstract

In today's world, cyber threats are becoming a serious issue for companies in all professional sectors. For all organisations, regardless of their field of activity, cyber threats in today's world are undoubtedly a significant challenge. Undoubtedly, modern organisations should set themselves the task of effectively countering cyber threats regardless of their professional industry. To effectively counter these threats, organisations must have effective incident response systems in place, including in cyberspace. There are many incident response frameworks in the US, each with its own advantages and disadvantages. This article offers a comparative analysis of the four leading US cyber incident response frameworks: NIST Cybersecurity Framework (CSF), CISA Cyber Incident Response Guide, ISO/IEC 27001 and NIST Special Publication 800-61. The purpose of the study is to provide organisations with an overview of the four leading incident response frameworks in the US so that they can choose the most appropriate framework for their specific needs. The research was conducted using a qualitative approach that included a thorough review of official documents, a review of relevant current literature, and consultation with cybersecurity professionals. This article is a valuable resource for organisations and companies looking for an effective and efficient method of responding to incidents, including cyber incidents. It provides an overview of the four leading frameworks in the US, allowing organisations to compare their advantages and disadvantages and ultimately choose the most appropriate framework for their specific objectives.

Downloads

Download data is not yet available.

Author Biographies

Oleksandr Peliukh, V. N. Karazin Kharkiv National University

CSD Student

Maryna Yesina, V. N. Karazin Kharkiv National University

Ph.D., Associate Professor, Department of Security of Information Systems and Technologies

Dmytro Holubnychyi, JSC "IIT"

Head of the scientific department of JSC "IIT"

References

eSentire, Inc. (2023). “2022 Official Cybercrime Report.” Retrieved (https://www.esentire.com/resources/library/2022-official-cybercrime-report).

American Public Power Association. (2021). “Public Power Cyber Incident Response Playbook” Retrieved (https://www.publicpower.org/resource/public-power-cyber-incident-response-playbook).

Nist, Gaithersburg Md. (2023). The NIST Cybersecurity Framework 2.0. https://doi.org/10.6028/NIST.CSWP.29.ipd.

NIST. (2021). “NIST SP 800-61 | NIST.” Retrieved (https://www.nist.gov/privacy-framework/nist-sp-800-61).

Cybersecurity and Infrastructure Security Agency CISA. (2021). “CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies | CISA.” Retrieved (https://www.cisa.gov/news-events/news/cisa-releases-incident-and-vulnerability-response-playbooks-strengthen).

Information security, cybersecurity and privacy protection. Information security management systems. Requirements. ISO/IEC 27001. (2022). https://www.iso.org/standard/27001.

NIST. (2023). “Cybersecurity Framework Components | NIST.” Retrieved (https://www.nist.gov/cyberframework/online-learning/cybersecurity-framework-components).

Kosutic, Dejan. (2023). “What Is ISO 27001? A Detailed and Straightforward Guide.”. Retrieved (https://advisera.com/27001academy/what-is-iso-27001/).

Comparative Assessment of US Cyber Incident Response Systems

Abstract

Downloads

Author Biographies

References

Most read articles by the same author(s)