Normalizing Cybersecurity: Improving Cyber Incident Response with the Incident Command System [open pdf - 923KB]
From the thesis Abstract: "In 2018, the Colorado Department of Transportation was hit with a ransomware attack that resulted in the first-ever state emergency declaration for a cyber attack. Cyber attacks against the nation and its infrastructure are expected to increase, yet no extensive research exists on the United States' designated response framework for them. This thesis investigated the application of the Incident Command System (ICS) in significant cyber incidents and how the system may be improved for these events. A mixed method study consisting of case studies, senior leader interviews, and a quantitative survey was used to evaluate ICS specific to the framework's eight core concepts. The research includes findings on variables that impact the effectiveness of response frameworks in cyber events. Recommendations are made to improve cyber response."
Naval Postgraduate School, Dudley Knox Library: https://calhoun.nps.edu/