A survey of information security incident handling in the cloud
References
Abadi
Agarwal, 2011, Systematic digital forensic investigation model, Int J Comput Sci Secur IJCSS, 5, 118
Ahmad, 2012, Incident response teams – challenges in supporting the organisational security function, Comput Secur, 31, 643, 10.1016/j.cose.2012.04.001
Al Mutawa, 2012, Forensic analysis of social networking applications on mobile devices, Digit Investig, 9, 24, 10.1016/j.diin.2012.05.007
Albakri, 2014, Security risk assessment framework for cloud computing environments, Secur Commun Netw, 7, 2114, 10.1002/sec.923
Alberts, 2004
Aleem, 2013, Let me in the cloud: analysis of the benefit and risk assessment of cloud platform, J Financ Crime, 20, 6, 10.1108/13590791311287337
Amazon Web Services
Amazon Web Services
Anuar, 2011, A risk index model for security incident prioritisation, 24
Anuar, 2014, A response selection model for intrusion response systems: response strategy model (RSM), Secur Commun Netw, 7, 1831, 10.1002/sec.896
Ardi, 2009, A post-mortem incident modeling method, 1018
Ariffin, 2013, Digital camcorder forensics, 39
BAE Systems Detica
Barske, 2010, A digital forensic readiness framework for South African SMEs, 1
Bashir, 2011, Privacy in the cloud: going beyond the contractarian paradigm, 21
Bendiek, 2012, European cyber security policy
Bhilare, 2010, An architecture for a distributed collaborative inter university incident handling mechanism, Int J Comput Internet Secur, 2, 29
Bojanc, 2013, A quantitative model for information-security risk management, Eng Manag J, 25, 25, 10.1080/10429247.2013.11431972
British Standards Institution, 2007
Cárdenas, 2011, Attacks against process control systems: risk assessment, detection, and response, 355
Caskurlu, 2013, Analytical models for risk-based intrusion response, Comput Netw, 57, 2181, 10.1016/j.comnet.2013.03.012
Chivers, 2009, Risk profiles and distributed risk assessment, Comput Secur, 28, 521, 10.1016/j.cose.2009.04.005
Choo, 2011, The cyber threat landscape: challenges and future research directions, Comput Secur, 30, 719, 10.1016/j.cose.2011.08.004
Choo, 2014, A cloud security risk-management strategy, IEEE Cloud Comput, 1, 52, 10.1109/MCC.2014.27
Chung, 2012, Digital forensic investigation of cloud storage services, Digit Investig, 9, 81, 10.1016/j.diin.2012.05.015
Cichonski, 2012
Clarke, 2013
Cloud Security Alliance, 2011
CMMI Product Team, 2010
Connell, 2013, The CERT assessment tool: increasing a security incident responders ability to assess risk, 236
Connell, 2013, Cerebro: a platform for collaborative incident response and investigation, 241
Cusick, 2010, Creating an ITIL inspired incident management approach: roots, response, and results, 142
Daley, 2011, Operationalizing the coordinated incident handling model, 287
Dekker, 2013
Ding, 2011, Time based data forensic and cross-reference analysis, 185
Dykstra, 2012, Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques, Digit Investig, 9, 90, 10.1016/j.diin.2012.05.001
European Network and Information Security Agency (ENISA), 2010
European Network and Information Security Agency (ENISA), 2012
Federal Office for Information Security
Fessi, 2014, A multi-attribute decision model for intrusion response system, Inf Sci, 270, 237, 10.1016/j.ins.2014.02.139
Freiling, 2007, A common process model for incident response and computer forensics, vol. 7, 19
Garfinkel, 2012, A general strategy for differential forensic analysis, Digit Investig, 9, 50, 10.1016/j.diin.2012.05.003
Guo, 2009, An incident management model for SaaS application in the IT organization, 137
Gurkok, 2013, Cyber forensics and incident response, 601
Herrmann, 2011, 1
Hooper, 2013, Cloud computing and its implications for cybercrime investigations, Aust Comput Law Secur Rev, 29, 152, 10.1016/j.clsr.2013.01.006
Hove, 2013
Hove, 2014, Information security incident management: identified practice in large organizations, 27
Husain, 2010, iForensics: forensic analysis of instant messaging on smart phones, 9
International Standard for Organisation, 2011
Irwin, 2011, Extracting evidence related to VoIP calls, 221
Ismail, 2011, New method of forensic computing in a small organization, Aust J Basic Appl Sci, 5, 2019
Jansen, 2011
Johnson, 2014, 21
Jung, 2011, Sensitive privacy data acquisition in the iPhone for digital forensic analysis, 172
Junqueira, 2011, Zab: high-performance broadcast for primary-backup systems, 245
Kaart, 2014, Android forensics: interpretation of timestamps, Digit Investig, 1
Kearney, 2013, Effective corporate governance: combining an ICT security incident and organisational learning, 12
Kheir, 2009, Cost evaluation for intrusion response using dependency graphs, 1
Khorshed, 2012, A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing, Future Gener Comput Syst, 28, 833, 10.1016/j.future.2012.01.006
Khurana, 2009, Palantir: a framework for collaborative incident response and investigation, 38
Killcrece, 2003
Killcrece, 2003
Kim, 2011, Advanced bot response mechanism based on DNS sinkhole, Inf Int Interdiscip J, 14, 2499
Koivunen, 2012, Why wasn't I notified?: information security incident reporting demystified, 55
Kostina, 2009, Information security incident management process, 93
Kozlovszky, 2013, Cloud security monitoring and vulnerability management, 265
Kral, 2011
Krichene, 2008, Incident response probabilistic cognitive maps, 689
Kurowski, 2011, Computational documentation of IT incidents as support for forensic operations, 37
Lee, 2011, Pervasive forensic analysis based on mobile cloud computing, 572
Lee, 2002, Toward cost-sensitive modeling for intrusion detection and response, J Comput Secur, 10, 5, 10.3233/JCS-2002-101-202
Li, 2012, A deep understanding of cloud computing security issues in cloud computing, 98
Luo, 2014, A fictitious play-based response strategy for multistage intrusion defense systems, Secur Commun Netw, 2014, 473, 10.1002/sec.730
Ma, 2010, Study on architecture-oriented information security risk assessment model, 218
Marinescu, 2013, Cloud infrastructure, 67
Martini, 2012, An integrated conceptual digital forensic framework for cloud computing, Digit Investig, 9, 71, 10.1016/j.diin.2012.07.001
Mitropoulos, 2006, On incident handling and response: a state-of-the-art approach, Comput Secur, 25, 351, 10.1016/j.cose.2005.09.006
Morrissey, 2010
Murray, 2014
MyCERT
Mylonas, 2012, 249
Nikkel, 2014, Fostering incident response and digital forensics research, Digit Investig, 11, 249, 10.1016/j.diin.2014.09.004
Omeleze, 2013, Testing the harmonised digital forensic investigation process model-using an Android mobile phone, 1
Ongaro, 2011, Fast crash recovery in RAMCloud, 29
Ping, 2010, An incident response decision support system based on CBR and ontology, V11
Parliament of the Commonwealth of Australia (PoA), 2010
Ponemon Institute, 2013
Poolsappasit, 2012, Dynamic security risk management using Bayesian attack graphs, IEEE Trans Dependable Secure Comput, 9, 61, 10.1109/TDSC.2011.34
Quick, 2013, Dropbox analysis: data remnants on user machines, Digit Investig, 10, 3, 10.1016/j.diin.2013.02.003
Quick, 2013, Forensic collection of cloud storage data: does the act of collection result in changes to the data or its metadata?, Digit Investig, 10, 266, 10.1016/j.diin.2013.07.001
Quick, 2014, Google drive: forensic analysis of cloud storage data remnant, J Netw Comput Appl, 40, 179, 10.1016/j.jnca.2013.09.016
Quick, 2014, Impacts of increasing volume of digital forensic data: a survey and future research challenges, Digit Investig, 11, 273, 10.1016/j.diin.2014.09.002
Quick, 2014
Reddy, 2009, A forensic framework for handling information, 143
Ruan, 2011, Cloud forensics, 35
Ruefl, 2014, Computer security incident response team development and evolution, IEEE Secur Priv, 12, 16, 10.1109/MSP.2014.89
Satoh, 2009, Analysis of information security problem by probabilistic risk assessment, Int J Comput, 3, 337
Shameli-Sendi, 2014, Taxonomy of intrusion risk assessment and response system, Comput Secur, 45, 1, 10.1016/j.cose.2014.04.009
Shedden, 2011, Informal learning in security incident response teams, 1
Simon, 2014, Digital forensics: challenges and future research directions, 105
Sindoori, 2012, An overview of disaster recovery in virtualization technology, J Artif Intell, 6, 60, 10.3923/jai.2013.60.67
Srinivasan, 2012, State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud, 470
Stakhanova, 2007, A cost-sensitive model for preemptive intrusion response systems, 428
Strasburg, 2009, A framework for cost sensitive assessment of intrusion response selection, 355
Strasburg, 2009, Intrusion response cost assessment methodology, 388
Subashini, 2011, A survey on security issues in service delivery models of cloud computing, J Netw Comput Appl, 34, 1, 10.1016/j.jnca.2010.07.006
Sylve, 2012, Acquisition and analysis of volatile memory from Android devices, Digit Investig, 8, 175, 10.1016/j.diin.2011.10.003
Symantec, 2013
Takabi, 2010, Security and privacy challenges in cloud computing environments, IEEE Secur Priv Mag, 8, 24, 10.1109/MSP.2010.186
Taylor, 2013, Developing an incident response plan, 95
Theoharidou, 2011, Risk assessment methodology for interdependent critical infrastructures, Int J Risk Assess Manag, 15, 128, 10.1504/IJRAM.2011.042113
Theoharidou, 2012, A risk assessment method for smartphones, 443
Thethi, 2014, Digital forensics investigations in the cloud, 1475
Trenwith, 2013, Digital forensic readiness in the cloud, 1
US District Court for the District of Columbia, 2013
U.S. GAO, 2014
Usmani, 2013, An improved framework for incident handling, Inf Secur J Glob Perspect, 22, 1, 10.1080/19393555.2012.751565
Valjarevic, 2011, Towards a digital forensic readiness framework for public key infrastructure systems, 1
Valjarevic, 2013, A harmonized process model for digital forensic investigation, 67
Vidas, 2011, Toward a general collection methodology for Android devices, Digit Investig, 8, 14, 10.1016/j.diin.2011.05.003
West-Brown, 2003
Wiik, 2009, Chronic workload problems in CSIRTs, 1
Wiik, 2009, Persistent instabilities in the high-priority incident workload of CSIRTs, 1
Wiik, 2009, Preserving a balanced CSIRT constituency, 1
Wu, 2009, Information systems security risk assessment on improved fuzzy AHP, 365
Wu, 2013, Towards a SCADA forensics architecture, 12
Yang, 2010, Cloud computing research and security issues, 10
Yu, 2009, A process model for forensic analysis of Symbian, 86
Yuill, 2000, Intrusion-detection for incident-response, using a military battlefield-intelligence process, Comput Netw, 34, 671, 10.1016/S1389-1286(00)00142-0
Zhang, 2011, Constructions on disaster tolerant backup system of management information system, 425
Zhang, 2011, Disaster recovery evaluation PROC model framework based on information flow, 1841
Zimmerman, 2011, Cyber forensics in the cloud, IAnewsletter, 14, 4
Zonouz, 2013, Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators responsive behavior, Comput Secur, 39, 190, 10.1016/j.cose.2013.07.003