How Good is Your Data? Investigating the Quality of Data Generated During Security Incident Response Investigations
George Grispos, William Bradley Glisson, Tim Storer

TL;DR
This paper investigates the quality of data generated during security incident response investigations, highlighting challenges and laying groundwork for improving data quality in threat intelligence efforts.
Contribution
It provides an empirical case study analyzing data quality issues in a Fortune 500 organization's incident response team, an area previously underexplored.
Findings
Identified key data quality challenges in incident response data
Highlighted the impact of data quality on threat intelligence
Established a foundation for future research on incident response data quality
Abstract
An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization's security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study…
