Date of Award

2017

Degree Type

Dissertation

Degree Name

Doctor of Philosophy in Computer Science

Department

Computer Science and Statistics

First Advisor

Victor Fay-Wolfe

Abstract

Incident response (IR) is an integral part of today's computer security infrastructure in both the public and private sectors. The process involves identifying critical resources, preparing plans for responding to potential breaches, and executing effective containment and recovery procedures. Current practice emphasizes establishing careful response plans, building technical capabilities and following disciplined procedures for plan execution. This research builds on the above by adding another dimension to the process, namely performance evaluation.

Proposing a framework for the performance analysis of computer security incident response (CSIR) capabilities is the main focus of this research. The various design considerations and challenges of performance analysis for CSIR are investigated. A multidisciplinary survey is conducted to derive lessons learned and best practices for the design of performance measurement systems. The outcomes of the survey are integrated into the CSIR discipline to produce a development process for constructing performance evaluation models. For each development step, the various design possibilities are investigated to ensure flexibility and applicability across the wide spectrum of CSIR environments.

Expert feedback is used as a method of design validation to ensure conformance to current CSIR best practices. Issues pertaining to how performance evaluation could be incorporated into current industry practice are also explored. As a notable contribution, the study produces the definitions and design considerations for fifty performance indicators that cover the diverse performance aspects of computer security incident response systems.
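As an added illustration (not code from the dissertation, and not its fifty indicators), the following Python sketch shows what a small set of time-based CSIR performance indicators looks like when computed from incident timeline records: time-to-detect, time-to-contain, time-to-recover and a containment-SLA compliance rate. The indicator names, the 4-hour containment SLA and the incident records are all assumptions constructed for the example.

```python
"""Added example: computing a few time-based CSIR performance indicators.

Not part of the dissertation. The indicators, the SLA threshold and the
records below are assumptions chosen for illustration.
"""
from datetime import datetime
from statistics import mean, median

# Constructed sample incident timelines (not real data).
# Fields: id, compromise occurred, detected, contained, recovered (ISO 8601).
INCIDENTS = [
    ("INC-001", "2017-03-01T08:00:00", "2017-03-01T10:30:00",
     "2017-03-01T14:00:00", "2017-03-02T09:00:00"),
    ("INC-002", "2017-03-05T22:15:00", "2017-03-07T09:00:00",
     "2017-03-07T11:00:00", "2017-03-08T17:00:00"),
    ("INC-003", "2017-03-10T01:00:00", "2017-03-10T01:20:00",
     "2017-03-10T02:00:00", "2017-03-10T06:00:00"),
    ("INC-004", "2017-03-12T13:00:00", "2017-03-12T15:00:00",
     "2017-03-13T15:00:00", "2017-03-14T12:00:00"),
]


def phase_hours(record):
    """Return the duration (hours) of each response phase for one incident.

    ttd: occurred -> detected, ttc: detected -> contained,
    ttr: contained -> recovered. A non-monotonic timeline is a data-quality
    defect and is rejected rather than silently producing negative values.
    """
    inc_id, *stamps = record
    occurred, detected, contained, recovered = (
        datetime.fromisoformat(s) for s in stamps
    )
    if not occurred <= detected <= contained <= recovered:
        raise ValueError(f"{inc_id}: timeline is not monotonic")

    def hours(start, end):
        return (end - start).total_seconds() / 3600

    return {
        "ttd": hours(occurred, detected),
        "ttc": hours(detected, contained),
        "ttr": hours(contained, recovered),
    }


def indicators(incidents, containment_sla_hours=4.0):
    """Aggregate per-incident phase durations into team-level indicators.

    Mean, median and maximum are all reported because the mean alone hides
    long-tail incidents (one slow detection dominates the average).
    The containment SLA threshold is an assumed value.
    """
    phases = [phase_hours(r) for r in incidents]
    out = {}
    for key in ("ttd", "ttc", "ttr"):
        values = [p[key] for p in phases]
        out[f"mean_{key}_h"] = round(mean(values), 2)
        out[f"median_{key}_h"] = round(median(values), 2)
        out[f"max_{key}_h"] = round(max(values), 2)
    within_sla = sum(1 for p in phases if p["ttc"] <= containment_sla_hours)
    out["containment_sla_rate"] = round(within_sla / len(phases), 2)
    return out


if __name__ == "__main__":
    for name, value in indicators(INCIDENTS).items():
        print(f"{name:>24}: {value}")
```

The same pattern generalizes to any indicator that can be derived from timestamped incident records; what the sketch cannot supply is the choice of which indicators matter for a given CSIR environment, which is the design question the dissertation addresses.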

Available for download on Thursday, May 03, 2018