Date of Award
Doctor of Philosophy in Computer Science
Computer Science and Statistics
Incident response (IR) is an integral part of today’s computer security infrastructure in both the public and private sectors. The process involves identifying critical resources, proposing plans for responding to potential breaches, and executing effective containment and recovery procedures. Current practices emphasize establishing careful response plans, building technical capabilities, and following disciplined procedures for plan execution. This research builds on the above by adding another dimension to the process, namely performance evaluation.
The main focus of this research is to propose a framework for the performance analysis of computer security incident response (CSIR) capabilities. The various design considerations and challenges to performance analysis of CSIR are investigated. A multidisciplinary survey is conducted to derive lessons learnt and best practices for the design of performance systems. The outcomes of the survey are integrated into the CSIR discipline to produce a development process for constructing performance evaluation models. For each development step, the various design possibilities are investigated to ensure flexibility and applicability to the wide spectrum of CSIR environments.
Expert feedback is used as a method of design validation to ensure conformance to current CSIR best practices. Issues pertaining to how performance evaluation could be incorporated into the current industry practices are also explored. As a notable contribution, the study produces the definition and design considerations for fifty performance indicators that cover the diverse performance aspects of computer security incident response systems.
Al Harfi Albluwi, Qutaiba, "Framework for Performance Evaluation of Computer Security Incident Response Capabilities" (2017). Open Access Dissertations. Paper 636.