Active response is a sequence of actions per- formed speci¯cally to mitigate a detected threat. Response decisions always follow detection: a decision to take `no ac- tion' remains a response decision. However, active response is a complex subject that has received insu±cient formal attention. To facilitate discussion, this paper provides a framework that proposes a common de¯nition, describes the role of response and the major issues surrounding response choices, and ¯nally, provides a model for the process of re- sponse. This provides a common starting point for discus- sion of the full response continuum as an integral part of contemporary computer security.
Revised: October 26, 2010 |
Published: June 17, 2005
Citation
Caltagirone S., and D.A. Frincke. 2005.The Response Continuum. In Proceedings from the Sixth Annual IEEESystems, Man and Cybernetics Information Assurance Workshop, 258-265. Piscataway, New Jersey:Institute of Electrical and Electronic Engineers.PNNL-SA-44842.