Publication

SASP: a Semantic web-based Approach for management of Sharable cybersecurity Playbooks

2022-08, Akbari Gurabi, Mehdi; Mandal, Avikarsha; Popanda, Jan; Rapp, Robert; Decker, Stefan

In incident management, response and recovery actions are designed to effectively mitigate ongoing or future cyberattacks. A security playbook consists of a pipeline of instructions that documents the response and recovery actions needed to deal with a specific type of incident. Since many organisations lack the resources, expertise and know-how to handle incidents, sharing playbooks across organisations could significantly improve their response capabilities against cyberattacks. However, playbooks are often organisation-specific and usually not machine-readable, sharable or interoperable. In this work, we propose a semantic web-based approach to capture the knowledge of incident response and recovery steps and to support the sharing of playbooks based on a standardised, common vocabulary. To further demonstrate our approach, we introduce SASP, a proof-of-concept tool based on Semantic MediaWiki for playbook management. In this paper, we describe the key requirements of incident handlers for sharing playbooks, the SASP architecture design, and its core components and functionalities. We then discuss the results of our user-centric evaluation conducted with members of different Security Operations Centres and the further potential of the solution.

Publication

From Collaboration to Automation: A Proof of Concept for Improved Incident Response

2022, Nitz, Lasse; Zadnik, Martin; Akbari Gurabi, Mehdi; Obrecht, Mischa; Mandal, Avikarsha

Effective incident response relies on taking accurate and timely measures in reaction to cybersecurity incidents. The increase in both the number and the variety of cyberattacks, however, makes it challenging for incident handlers to keep up with this task. In the H2020 project SAPPAN, we take a practical look at this problem and explore the sharing of incident handling information, the automation of incident response processes, and the relationship between these two topics, in order to assist human operators in their work.