Alignment of Cybersecurity Incident Prioritisation with Incident Response Management Maturity Capabilities
Abdulaziz Gulay, Leandros Maglaras

TL;DR
This paper proposes a structured approach to prioritise cybersecurity incidents using IR CMM assessments, emphasising organisational culture and response capabilities to improve incident management and resilience.
Contribution
It introduces a novel method linking IR CMM assessments with incident prioritisation, addressing a gap in immediate practical application for cybersecurity incident response.
Findings
Identifies common weaknesses like inadequate training and poor communication.
Highlights best practices such as regular training and clear communication.
Emphasises the role of organisational culture in incident response.
Abstract
The increasing frequency and sophistication of cybersecurity incidents pose significant challenges to organisations, highlighting the critical need for robust incident response capabilities. This paper explores a possible utilisation of IR CMM assessments to systematically prioritise incidents based on their impact, severity, and the incident response capabilities of an organisation in specific areas associated with human and organisational factors. The findings reveal common weaknesses in incident response, such as inadequate training and poor communication, and highlight best practices, including regular training programs, clear communication protocols, and well-documented response procedures. The analysis also emphasises the importance of organisational culture in enhancing incident response capabilities. By addressing the gap in understanding how the output of IRM assessments can…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Software System Performance and Reliability
