Logo des Repositoriums

Auflistung nach Autor:in "Kossakowski, Klaus-Peter"

1 - 3 von 3
  • Konferenzbeitrag
    CarmentiS auf dem Weg zu einem deutschen IT-Frühwarnsystem
    (Sicherheit 2006, Sicherheit – Schutz und Zuverlässigkeit, 2006) Kossakowski, Klaus-Peter; Sander, Jürgen
  • Konferenzbeitrag
    Detecting New Patterns of Attacks — Results and Applications of Large Scale Sensoring Networks
    (IT-Incident Management & IT-Forensics - IMF 2006, 2006) Voss, Torsten; Kossakowski, Klaus-Peter
    It is still not clear, how large scale sensoring networks can be turned into useful ressources of incident response teams. Recent research has shown that the work of incident response teams is clearly exposed to denial of service attacks if the handling of low number / high priority incidents is not separated from the work related to high number / low priority incidents [WK05]. This would imply that handling the magnitude of data coming from large scale sensoring networks will pose concrete operational problems to any incident response team dealing with it. While there are some strategies to mitigate this problem, we believe that only selecting the ’interesting’ events through filtering is not good enough and give away useful insights that are inside the data but not yet obviously visible for an unaware observer. Therefore our research objective is to identify successful strategies of how to extract useful data automatically out of large data sets. So far we have succeeded to improve a suggested algorithm and test it’s application in an operational setting. This paper will outline the algorithm, any improvement made as well as the key insights in it’s application.
  • Konferenzbeitrag
    Effectiveness of Proactive CSIRT Services
    (IT-Incident Management & IT-Forensics - IMF 2006, 2006) Wiik, Johannes; Gonzalez, Jose J.; Kossakowski, Klaus-Peter
    Many authors have suggested that Computer Security Incident Response Teams (CSIRTs) need to deliver more proactive services to stay effective, but there are hardly any studies investigating to what extent existing proactive services are indeed effective or how to make them more effective. We view the proactive services as cross-organisational learning processes, where CSIRTs facilitate learning between information providers (i. e. vendors of commercial off-the-shelf- software) and users of these information (i. e. users of such products) in the CSIRT constituency. Cross-organisational learning processes carry the promise of avoiding incidents and the hope of saving considerable resources, but only if the constituents are enabled to learn from the experiences of the past and from others effectively.