From Incident Response to Incident Response Management: Case studies from the oil and gas industry

The oil and gas sector in Norway, as well internationally, is on the brink of a development where ICT will be used as a basis for more extensive use of remote operation of equipment and complex systems. At the same time, there has been a large increase of ICT security related incidents in such systems, from internal as well as external sources. Incident response (IR) is the process of handling ICT security related incidents involving infrastructure and data. ICT security encompasses many different aspec ts including technology, human resources and organisation. So far, emphasis has been put on technical system issues. There is a need for a more holistic view, a method for incident response management. IRMA will encompass security culture, technology, a nd organisation in a complete learning cycle. The project will run for three years in cooperation between SINTEF, AUC, and NTNU as research partners and Statoil and OLF as industrial partners. IRMA will rely on a number of workshops with participants from the partners as well as external resources. IRMA will produce intermediate results during the whole project period for use at the partners. System Dynamics Maps will be used for modelling of incident response processes and CORAS will be used as a tool f or risk analysis. The results will be in the form of: - a complete and full-cycle method for structured incident response management including assessment and improvement of security culture - implementations at the industrial partners - a System Dynamics based virtual world with dual use as Interactive Learning Environment and auditing instruments - scientific publications and doctoral thesis