SOTER: a playbook for cyber security incident management

Onwubiko, Cyril and Ouazzane, Karim (2022) SOTER: a playbook for cyber security incident management. IEEE Transactions on Engineering Management, 69 (6). pp. 3771-3791. ISSN 0018-9391


SOTER, a cyber security incident management playbook, is developed to provide a comprehensive model to manage cyber security incidents, particularly for the cyber security operations centre. The proposed playbook is adaptive, cross-sectorial, and process driven. Each key components of the incident management playbook are outlined and discussed. Further, a lexicon based on equivalence mapping is developed and used to map existing cyber security incident vocabulary and taxonomy into a common and consistent lexicon to aid understanding among incident management stakeholder communities – national, government and private sectors. A versatile workbook model has been explored which proves to be adaptable to serve a wide range of cases for successfully managing government and private sector security operations centre. Cyber security incident sharing partnership, formalism for metric and measurements of cyber security incident parameters, and cyber security incident classification and prioritisation schemes are presented, and finally, cyber security incident ‘plays’ and playbook templates are discussed.

TEM paper on SOTER_Camera_Ready Version_1.5_Nov2019.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.

Download (1MB) | Preview


Downloads per month over past year

Downloads each year

View Item View Item