Abstract

A cybersecurity incident is any event that directly or indirectly affects the confidentiality, availability, or integrity of a system or a service (or its data). The aim of a cyber-incident management process is to restore normal service levels as quickly as possible, by mitigating or eliminating the effects of system service disruptions. During the different phases of a cyber-incident management process, the documentation can be confusing and difficult to comprehend, making it ineffective. This paper aims to improve cyber-incident management processes that already exist by introducing feature models in order to handle incident documentation, classification, prioritisation, and mitigation. An example of an improved cyber-incident process is evaluated with respect to its efficiency and effectiveness, by conducting two case studies. The results of this work reveal that the improved process increases efficiency in addressing and repairing cyber-incidents by reducing the incident response time.
