1-10-60: Measuring the speed of incident response
Ronald Pool
Additional contact information
Ronald Pool: CrowdStrike, UK
Cyber Security: A Peer-Reviewed Journal, 2020, vol. 3, issue 4, 308-314
Abstract:
Threat intelligence reports have started to record adversary activities with such high fidelity that it is now possible to record how rapidly they perform their actions, showing that some adversaries are moving at staggering speed in some attacks and have highly professional operations. One such report is CrowdStrike’s ‘Annual Global Threat Report’,1 in which breakout time is used as a measurement of the speed of operations of cyber adversaries. But no matter which measurement we look at, it is clear that the attackers have a very efficient operation and do not suffer from the challenges the defenders face in their day-to-day operations that prohibit them from detecting, analysing and containing an incident rapidly before it spreads. This paper will discuss the speed at which the defensive side should operate and some of the challenges with, for instance, business processes they come across in order to keep up with the pace of the attackers.
Keywords: incident response; attack speed; APT; eCrime; breakout time; 1-10-60
JEL-codes: M15
Date: 2020
Downloads: (external link)
https://hstalks.com/article/5810/download/ (application/pdf)
https://hstalks.com/article/5810/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2020:v:3:i:4:p:308-314
More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.