A Process Model for Incident Response to Enhance National Cyber Security Approach in Uganda Case Study: National Information Technology Authority - Uganda
Author: Emmanuel Mugabi
Supervisor: Duncan Naigenda
The area of incident response has gradually moved to the forefront of cyber security at both organizational and national levels. This is mainly due to the ever-changing threat landscape, the increasing sophistication of cyber-crime skills and the increased impact of cyber incidents that affect the confidentiality, integrity and/or availability of the digital infrastructure that we are increasingly reliant upon.
Incident response requires an enhanced approach that matches the level of sophistication of cyber incidents. An organization's response to a cyber incident, which is mainly realized through malicious attacks, is key to reducing impact, promoting quick recovery of normal operations and improving controls.
The increased cyber threats affecting critical information infrastructure and the evolution of cyber-crime motivation have raised the need for an effective incident response mechanism at national level to enhance country-level cyber security protection.
This dissertation discusses the various existing incident response mechanisms and their relation to the ever-changing cyber threat landscape, and suggests an enhanced incident response process model for an enhanced national cyber security approach. The area of incident response complements existing traditional information security protection measures.
The dissertation further takes into consideration best practice by the leading entities in incident response, as well as the most commonly used incident response frameworks. These aspects were studied to establish the common cross-cutting areas and compared to the nature of existing cyber threats to identify gaps as the basis for the enhanced process model for national incident response.