SOTER – A playbook for Cyber Security Incident Management, 2019. This project is now completed. The focus is on the use of intelligent and adaptive machine learning techniques to develop a comprehensive and adaptive playbook for managing cyber incidents, offering a cross-sectoral, process-driven approach, lexicon-based equivalence mapping, sentiment analysis, and semantic similarity classification against existing cyber security incident vocabulary and taxonomy. The project sponsors do not wish for it to be made publicly available yet.
There are many use cases for this project; here are some examples and where they might apply:
Incident responders will use the lexicon to better understand the severity and classification of an incident, but most importantly its prioritisation. If you manage a National Cyber Incident Management Centre, e.g. NSCS, DHS or DPP, then prioritisation is a must because of the increasing number of incidents such centres handle and deal with on a daily basis.
As a Cyber Incident Researcher, I will use this lexicon to define, explain and discuss terms unambiguously, so that users of my research have a common and consistent understanding of what I am discussing, and so that I can express my thoughts as precisely as possible. Secondly, I will use both the framework and the repo to conduct research and to leverage existing work done by other researchers.
As a SOC Analyst, I will use this lexicon for cyber incident reporting, handling, escalation and management, so that cyber incidents are managed accordingly and appropriately. Failure to manage cyber incidents may lead to significant losses and far-reaching consequences, including loss of life; it is therefore extremely important that cyber incidents are appropriately classified and managed accordingly.