Application of security information and event management technology for information security in critical infrastructures

2014 ◽  
Vol 1 (20) ◽  
pp. 27
Author(s):  
Igor Vitalievich Kotenko ◽  
Igor Borisovich Saenko ◽  
Olga Vitalievna Polubelova ◽  
Andrey Alexeevich Chechulin
2019 ◽  
Vol 2 (1) ◽  
pp. 1-7
Author(s):  
CITRA ARFANUDIN ◽  
Bambang Sugiantoro ◽  
Yudi Prayudi

Information security is needed to protect an organization's information assets. The government, as regulator, issues an Information Security Management System (ISMS) standard and the Information Security Index (Indeks KAMI) as a measure of information security in regional government agencies. Security Information and Event Management (SIEM) is a security technology for protecting information assets. SIEM is expected to provide information on attacks against the router network and to raise the Indeks KAMI score of government agencies. However, it is still an open question whether SIEM can recognize an attack on a router, and what effect SIEM has on the Indeks KAMI score. This research simulates eight attacks on routers: MAC Flooding, ARP Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. The eight attacks are followed by digital forensic analysis using the OSCAR method to see their impact on the routers and on the SIEM. The Indeks KAMI is also measured before and after SIEM deployment, so that the effect of installing SIEM on the score can be quantified. It was found that security monitoring with SIEM succeeded in identifying attacks, but not all of them were recognized. SIEM recognized only DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. MAC Flooding, ARP Poisoning, CDP Flooding and SYN Flooding were not recognized by SIEM because the routers produce no logs for them. It was also found that the use of SIEM raises the Indeks KAMI score in the technology aspect.
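The finding above has a practical shape: a SIEM can only correlate what the router actually logs, so credential attacks that produce login-failure messages are detectable, while layer-2 and SYN floods that leave no router log are blind spots. The following added example (not code from the study) shows the two halves of that picture: a sliding-window brute-force rule run over constructed router syslog lines, and a coverage check that lists the attacks for which no router log source exists. The message format is modelled on the Cisco IOS SEC_LOGIN-4-LOGIN_FAILED line; the sample lines, the hostnames and addresses, the threshold and window, and the use of the same message for FTP logins are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Rule parameters (assumed for illustration): THRESHOLD failures from one
# source against one service inside WINDOW_SECONDS counts as brute force.
THRESHOLD = 5
WINDOW_SECONDS = 60

# Constructed sample. The shape follows Cisco IOS %SEC_LOGIN-4-LOGIN_FAILED,
# but these lines are synthetic, not captures from the study.
SAMPLE_LOGS = """\
Jan 12 10:00:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.8] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:01 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:05 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:09 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:13 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:17 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:21 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:00:30 rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.9)
Jan 12 10:01:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ftpuser] [Source: 10.0.0.7] [localport: 21] [Reason: Login Authentication Failed]
Jan 12 10:01:10 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ftpuser] [Source: 10.0.0.7] [localport: 21] [Reason: Login Authentication Failed]
Jan 12 10:02:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.8] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:04:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.8] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:06:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.8] [localport: 22] [Reason: Login Authentication Failed]
Jan 12 10:08:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.8] [localport: 22] [Reason: Login Authentication Failed]
"""

LOGIN_FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[\d.]+)\] \[localport: (?P<port>\d+)\]"
)
SERVICE_BY_PORT = {"22": "ssh", "21": "ftp"}


def parse_ts(text, year=2019):
    """Syslog timestamps carry no year; the year is assumed for the sample."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per (source, service) whose failures reach the threshold.

    Only login-failure lines are considered; every other router message is
    ignored, which is exactly why attacks that emit no log cannot be caught here.
    """
    events = []
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            service = SERVICE_BY_PORT.get(m["port"], "port" + m["port"])
            events.append((parse_ts(m["ts"]), m["src"], service))
    events.sort()  # tolerate out-of-order delivery to the collector

    windows = defaultdict(deque)  # (src, service) -> timestamps inside the window
    alerted, alerts = set(), []
    for ts, src, service in events:
        key = (src, service)
        dq = windows[key]
        dq.append(ts)
        while dq and (ts - dq[0]).total_seconds() > window:
            dq.popleft()  # evict failures older than the window
        if len(dq) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"service": service, "src": src, "count": len(dq),
                           "first": dq[0], "last": ts})
    return alerts


# Attacks from the study and whether the routers logged them (per its findings).
ATTACK_LOGGED = [
    ("MAC Flooding", False), ("ARP Poisoning", False), ("CDP Flooding", False),
    ("DHCP Starvation", True), ("DHCP Rogue", True), ("SYN Flooding", False),
    ("SSH Bruteforce", True), ("FTP Bruteforce", True),
]


def blind_spots(attacks=ATTACK_LOGGED):
    """Attacks no log-based SIEM rule can see because the router emits nothing."""
    return [name for name, logged in attacks if not logged]


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(f"ALERT {a['service']} brute force from {a['src']}: "
              f"{a['count']} failures between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
    print("no router log source (need switch/IDS telemetry):", blind_spots())
```

Running it fires a single SSH alert for 10.0.0.5. The two FTP failures from 10.0.0.7 stay under the threshold, and the five failures from 10.0.0.8 never trigger because they are spaced two minutes apart, so a 60-second window never holds more than one of them: a slow brute force slips past a pure-count rule, which is a second kind of gap beside the missing-log one the study reports. Closing the listed blind spots needs telemetry from the switch (port-security and DHCP-snooping counters, ARP inspection) or a network sensor, not a tighter SIEM rule.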


Author(s):  
Yushi Shen ◽  
Yale Li ◽  
Ling Wu ◽  
Shaofeng Liu ◽  
Qian Wen

This chapter is about the guidance and implementation material prepared by the Cloud Security Alliance (CSA) Security as a Service (SecaaS) workgroup, which is made up of users and practitioners in the field of information security. In preparing this implementation guide, input was sought from experts throughout Europe, the Middle East, and the United States. Considerable professional judgment and experience were applied to the architecture, engineering, and implementation of the Security Information and Event Management (SIEM) guide, to ensure that the SIEM logs the information necessary to increase visibility and remove ambiguity surrounding the security events and risks that an organization faces. To provide SIEM as a service under SecaaS, the provider has to be able to accept log and event information and customer information and event feeds, conduct information security analysis and correlation, and support incident response. Flexible real-time access to SIEM information allows the party consuming the SIEM service to identify threats acting against its cloud environment. This identification then allows the appropriate action and response to be taken to protect against or mitigate the threat. The simple step of increasing visibility and removing ambiguity is a powerful tool for understanding the information security risks that an organization is facing.


Author(s):  
N. A. Kravchenko

The article analyzes the tasks of combating threats in the information domain and the place of security assessment tools in that context. The architectural features of assessment complexes for various information security tools are analyzed. As an example, an Ishikawa diagram was constructed for the assessment of a Security Information and Event Management (SIEM) system. From its analysis, conclusions were drawn about the factors influencing the execution of the test plan.


Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4759
Author(s):  
Gustavo González-Granadillo ◽  
Susana González-Zarzosa ◽  
Rodrigo Diaz

Security Information and Event Management (SIEM) systems have been widely deployed as a powerful tool to prevent, detect, and react against cyber-attacks. SIEM solutions have evolved into comprehensive systems that provide broad visibility to identify areas of high risk and proactively focus on mitigation strategies aimed at reducing the cost and time of incident response. Currently, SIEM systems and related solutions are slowly converging with big data analytics tools. We survey the most widely used SIEMs with respect to their critical functionality and analyze the external factors affecting the SIEM landscape in the mid and long term. A list of potential enhancements for the next generation of SIEMs is provided as part of the review of existing solutions, together with an analysis of their benefits and usage in critical infrastructures.


Author(s):  
Ioannis Karagiannis ◽  
Konstantinos Mavrogiannis ◽  
John Soldatos ◽  
Dimitris Drakoulis ◽  
Ernesto Troiano ◽  
...  

2021 ◽  
pp. 99-106
Author(s):  
Roman Vyacheslavovich Streltsov ◽  
Igor Valerevich Zolnikov ◽  
Sergey Yurievich Ermolaev ◽  
Evgeny Ivanovich Melnikov ◽  
...  

The main tasks in the field of organizing information security are: creating a departmental segment and ensuring the required level of information security; improving the regulatory legal acts and methodological documents of the National Guard Troops; ensuring the required level of information security when fulfilling the tasks assigned to the National Guard Troops; and developing an information security system and ensuring the provision of public services. The paper reveals the direct relationship between information literacy and information security. Information security and information literacy are two concepts that complement each other; it is impossible to imagine ensuring information security without the information literacy of the service member. Issues related to the formation of information literacy among personnel of the National Guard Troops of the Russian Federation are considered. An analysis of the literature confirming the significance of this issue in the world community is performed. The main tasks for forming information literacy among military personnel are presented. The aim of the study is to search for scientific and methodological approaches to the organization of information literacy among military personnel. Information literacy of military personnel, as understood in the article, is not only the ability to find the necessary information in various resources and to use information technologies in service and professional activities, but also the ability to navigate changing technologies, taking into account the great pace of their development and the growing volume of information.

