Security Incident Handling and Organisational Models
Hossein Hayati Karun
Autumn 2006
Gjøvik University College
Research questions
• How to measure the efficiency of routines for security incident handling in two organisational models?
• How to increase the efficiency of routines for handling security incidents?
Organisational models
• Hierarchic
• Matrix
Organisation charts (1/2)
Samples of hierarchical structures
• 12 employees with total capacity of 110
• 16 employees with total capacity of 165
• 25 employees with total capacity of 265
Organisation charts (2/2)
Samples of matrix structures
• 12 employees with total capacity of 110
• 16 employees with total capacity of 165
• 25 employees with total capacity of 265
Network flow theorem
• Menger’s theorem can be interpreted in the network flow context in the following way:
The maximum amount of flow in a network is equal to the capacity of a minimum cut.
Graph capacity
Each edge is assigned an integer
The integer indicates the edge’s capacity
For instance: a → d = 5
Computing the max flow
1. S → a = 5
2. a → d = 5
3. d → g = 5
4. g → T = 5
Flow capacity = 5
Maximum flow
Computing the max flow
From  To  Capacity
S     a   5
a     d   5
d     g   5
g     T   5
S     b   3
b     e   3
e     h   3
h     T   3
S     c   2
c     e   2
e     g   2
g     T   2
S     c   2
c     e   2
e     h   2
h     T   2
S     c   1
c     f   1
f     h   1
h     T   1
Max flow = 13
Minimum cut
Computing the min cut
• 9 min cuts (green lines)
• A = 5 + 3 + 5 = 13
• B = 5+3+4+1 = 13
• D = 1+5+2+5 = 13
• E = 1+4+3+0+5 = 13
• …
• Min cut = 13
Max flow – min cut
The maximum amount of flow in a network is equal to the capacity of a minimum cut.
Max flow = Min cut = 13
Ford-Fulkerson’s algorithm
Advantages:
• Simple to implement
• High speed: the algorithm requires little processor power
Disadvantage:
• An insignificant probability that the algorithm does not return a value, which means the flow capacity cannot be calculated
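The max flow and min cut computed on the preceding slides can be reproduced with the sketch below. It is an added example, not the C# prototype described in this presentation. It assumes each edge's capacity is the sum of the path flows listed for that edge in the "Computing the max flow" table, and it picks augmenting paths by breadth-first search, a choice that guarantees termination for integer capacities.

```python
from collections import deque

# Capacities for the sample graph. Assumption: each edge's capacity is the sum
# of the path flows listed for it in the "Computing the max flow" table.
EDGES = {
    ("S", "a"): 5, ("a", "d"): 5, ("d", "g"): 5, ("g", "T"): 7,
    ("S", "b"): 3, ("b", "e"): 3, ("e", "h"): 5, ("h", "T"): 6,
    ("S", "c"): 5, ("c", "e"): 4, ("e", "g"): 2,
    ("c", "f"): 1, ("f", "h"): 1,
}

def max_flow_min_cut(edges, source, sink):
    """Return (max flow, edges of one minimum cut) for integer capacities."""
    residual = {}
    for (u, v), cap in edges.items():
        residual.setdefault(u, {})[v] = cap
        residual.setdefault(v, {}).setdefault(u, 0)  # reverse edge, lets flow be undone

    def reachable():
        """BFS over edges with spare capacity; maps each reached node to its parent."""
        parent = {source: None}
        queue = deque([source])
        while queue:
            u = queue.popleft()
            for v, cap in residual[u].items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        return parent

    flow = 0
    parent = reachable()
    while sink in parent:
        path, v = [], sink
        while parent[v] is not None:          # walk back from sink to source
            path.append((parent[v], v))
            v = parent[v]
        bottleneck = min(residual[u][v] for u, v in path)
        for u, v in path:
            residual[u][v] -= bottleneck      # use capacity forwards
            residual[v][u] += bottleneck      # allow it to be pushed back
        flow += bottleneck
        parent = reachable()
    # No augmenting path is left: original edges leaving the reachable set are a minimum cut.
    cut = sorted((u, v) for (u, v) in edges if u in parent and v not in parent)
    return flow, cut

if __name__ == "__main__":
    value, cut = max_flow_min_cut(EDGES, "S", "T")
    print("max flow:", value)
    print("min cut:", cut, "capacity:", sum(EDGES[e] for e in cut))
```

The cut it returns is the one labelled A on the min cut slide (5 + 3 + 5). Changing a single capacity, for example a manager's edge out of S, and re-running shows how the organisation's total incident-handling capacity shifts.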
The prototype
Computes max flow
• Developed in C#
• Based on FF’s algorithm
• Textual presentation
• Graphical presentation
2 sets of data files (12 files)
1. Solved security incidents
Employees: Same capacity as in 2.
Managers: Lower security incidents solving capacity than employees
2. Reported security incidents
Employees: same capacity as in 1.
Managers: Higher capacity for reporting security incidents than for solving them
Results of our experiment
• Solved security incidents
  – Hierarchic structure
  – Matrix structure
• Reported security incidents
  – Hierarchic structure
  – Matrix structure
Nodes and edges
Solved security incidents in hierarchical structure
Solved security incidents in matrix structure
Reported security incidents in hierarchical structure
Reported security incidents in matrix structure
Solved security incidents in hierarchical and matrix structure
Reported security incidents in hierarchical and matrix structure
Conclusion
1. The matrix organisational model is a more efficient organisational model than the hierarchical model, both in solving and reporting security incidents.
2. Increasing the efficiency of routines for handling security incidents does not depend on the organisation’s size, but rather on the organisation’s model.
1. Using network flow capacity
2. Reorganise to matrix structure
Usefulness …
• Eases the computation of max flow
• Personnel dealing with security organisation, security management …
• Computing max flow when any changes like merging or dividing companies or departments take place
• Testing other organisational models
Thanks to …
Professor Slobodan Petrovic
Monica Strand Kristiansen
Brita Vesterås
And all of you
Any questions?