SECURITY OPERATIONS CENTER AS A SERVICE BASED ON SIEM

Author(s): V. O. Bolilyi, L. P. Sukhovirska, O. M. Lunhol, ...

This study examines the Security Operations Center (SOC), which provides detection and analysis of cybersecurity events, rapid response, and prevention of cyber attacks. Security Operations Center technologies are used to provide visibility and enable analysts to protect against attacks. The algorithm for presenting the topic «Security Center» while teaching the discipline «Security of programs and data» at the Volodymyr Vynnychenko Central Ukrainian State Pedagogical University is shown, namely the problems of implementing «Security information and event management» (SIEM) event monitoring systems, the types of operations centers, and the methods of building internal security operations centers. Subject competencies are formed in students: to classify, identify and protect information processing facilities from unauthorized access and computer viruses, and to develop individual access control and information protection systems. The process of implementing SIEM systems at an enterprise is shown, together with the main mechanisms of such a system using a hierarchical model, the main tasks of the security operations center, the key parameters of the Security Operations Center (organizational model, performance of functions that go beyond its tasks, level of authority), and the basic correlation rules. The commercial security operations center, SOC as a Service, is considered; it is designed to help work with a huge amount of information, to monitor in real time, and to respond to attacks. During the laboratory classes, the students analyzed the companies that provide security operations center services (Information Systems Security Partners, Octave Cybersecurity, Infopulse, Omega Security Service) and studied the factors that affect companies when choosing the type of Security Operations Center. Key words: Security Operations Center, SIEM systems, cybersecurity, SOC as a Service.

2017, Vol 4 (2), pp. 8-21
Author(s): Bilal AlSabbagh, Stewart Kowalski

This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly developed artifact addresses an important limitation identified in today's incident response practice: the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This is achieved by correlating the technical metrics of security warnings (which are generic in nature, and whose sources are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM accordingly adapts the risk factor of the triggered security warning to each constituent organization's security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.


Sensors, 2021, Vol 21 (14), pp. 4759
Author(s): Gustavo González-Granadillo, Susana González-Zarzosa, Rodrigo Diaz

Security Information and Event Management (SIEM) systems have been widely deployed as a powerful tool to prevent, detect, and react against cyber-attacks. SIEM solutions have evolved into comprehensive systems that provide wide visibility to identify areas of high risk and proactively focus on mitigation strategies aimed at reducing the cost and time of incident response. Currently, SIEM systems and related solutions are slowly converging with big data analytics tools. We survey the most widely used SIEMs regarding their critical functionality and provide an analysis of external factors affecting the SIEM landscape in the mid and long term. A list of potential enhancements for the next generation of SIEMs is provided as part of the review of existing solutions, as well as an analysis of their benefits and usage in critical infrastructures.


2019, Vol 2 (1), pp. 1-7
Author(s): Citra Arfanudin, Bambang Sugiantoro, Yudi Prayudi

Information security is a need to secure organizational information assets. The government, as the regulator, issues an Information Security Management System (ISMS) and an Information Security Index (Indeks KAMI) as a measure of information security in regional agencies. Security Information and Event Management (SIEM) is a security technology used to secure information assets. SIEM is expected to provide information on attacks that occur on the router network and to increase the Indeks KAMI value of government agencies. However, it remains questionable whether SIEM can recognize a router attack, and what its impact on the Indeks KAMI value is. This research simulates 8 attacks on routers, namely MAC Flooding, ARP Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. These 8 types of attacks were followed by digital forensic analysis using the OSCAR method to see their impact on the routers and on the SIEM. Indeks KAMI was also measured before and after the SIEM was deployed, in order to measure the effect of the SIEM installation on the Indeks KAMI value. It was found that using SIEM for security monitoring proved successful in identifying attacks, but not all of them were recognized by the SIEM. The SIEM only recognized DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. The MAC Flooding, ARP Poisoning, CDP Flooding and SYN Flooding attacks were not recognized by the SIEM because the routers do not produce logs for them. It was also found that the use of SIEM proved to increase Indeks KAMI in the technology aspect.

