Security Information and Event Management Implementation Guidance

Author(s):  
Yushi Shen ◽  
Yale Li ◽  
Ling Wu ◽  
Shaofeng Liu ◽  
Qian Wen

This chapter is about guidance and implementation prepared by the Cloud Security Alliance (CSA) Security as a Service (SecaaS) workgroup, which is made up of users and practitioners in the field of information security. In preparing this implementation guide, input has been sought from experts throughout Europe, the Middle East, and the United States. A great deal of professional judgment and experience is applied in the architecture, engineering, and implementation of a Security Information and Event Management (SIEM) guide to ensure that it logs the information necessary to increase visibility and remove ambiguity surrounding the security events and risks that an organization faces. By providing SIEM as a service under SecaaS, the provider has to be able to accept log and event information, customer information and event feeds, conduct information security analysis and correlation, and support incident response. Flexible real-time access to SIEM information allows the party consuming the SIEM service to identify threats acting against their cloud environment. This identification then allows the appropriate action and response to be taken to protect against or mitigate the threat. The simple step of increasing visibility and removing ambiguity is a powerful tool for understanding the information security risks that an organization is facing.

2019 ◽  
Vol 2 (1) ◽  
pp. 1-7
Author(s):  
CITRA ARFANUDIN ◽  
Bambang Sugiantoro ◽  
Yudi Prayudi

Information security is a need to secure organizational information assets. The government, as the regulator, issues an Information Security Management System (ISMS) and an Information Security Index (Indeks KAMI) as a measure of information security in regional agencies. Security Information and Event Management (SIEM) is a security technology for securing information assets. SIEM is expected to provide information on attacks that occur on the router network and to increase the Indeks KAMI value of government agencies. However, it is still questionable whether SIEM can recognize a router attack, and what its impact on the index value is. This research simulates 8 attacks on routers, namely MAC Flooding, ARP Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. The 8 types of attack are followed by digital forensic analysis using the OSCAR method to see the impact on the routers and on the SIEM. The KAMI index is also measured before and after the SIEM deployment, to measure the effect of installing SIEM on the index value. It was found that using SIEM for security monitoring successfully identified attacks, but not all of them were recognized by SIEM. SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. MAC Flooding, ARP Poisoning, CDP Flooding and SYN Flooding attacks are not recognized by SIEM because the routers do not produce logs for them. It was also found that the use of SIEM increases the KAMI index in the technology aspect.


2014 ◽  
Vol 1 (20) ◽  
pp. 27
Author(s):  
Igor Vitalievich Kotenko ◽  
Igor Borisovich Saenko ◽  
Olga Vitalievna Polubelova ◽  
Andrey Alexeevich Chechulin

Author(s):  
Serhii Lysenko

The article is devoted to modern approaches to the analysis of information security and the search for the most effective practices and technologies for countering threats using administrative and legal measures. The article proposes an information security concept based on several advanced administrative and legal measures, which includes an examination of a number of threat response cycles, including the case of a direct attack on the protected object. Given the high dynamics of modern information processes and the accompanying information threats, it is necessary to have a complex of measures to counter threats that would allow not only responding to threats, but also predicting them. The author, referring to the approaches of the Nobel laureate in economics Daniel Kahneman on the division of decisions into "fast" and "slow", suggests combining the response to attacks with the accumulation of information, for the subsequent identification of the least protected elements and the prediction of future attacks. In particular, the proposed process of responding to attacks consists of the following stages of administrative and legal measures: preparation; identification and analysis; localization and elimination of the threat; recovery of activity after an incident. Attention is focused on the need, once this four-step algorithm has been completed, to review the initial data for subsequent use in each appropriate period when the cycle is repeated. Special attention is devoted to the importance of transmitting data on unlawful attacks to the information collection system, which requires careful planning and coordination between numerous operations and structures. Such a process usually occurs due to well-coordinated administrative and legal measures in organizations, regulated by corporate norms and based on current legislation.
Keywords: information security, information threats, administrative and legal measures, forecasting information threats, information and analytical activities


Author(s):  
N. A. Kravchenko

The article analyzes the tasks of combating threats in the information field and the place of security assessment tools in that context. The architectural features of assessment complexes for various information security tools are analyzed. As an example of assessing a Security Information and Event Management (SIEM) system, an Ishikawa diagram was constructed. On the basis of its analysis, conclusions were drawn about the factors influencing the implementation of the test plan.


2021 ◽  
Vol 13 (19) ◽  
pp. 10918
Author(s):  
Haosheng Chen ◽  
Daniel Tse ◽  
Pengfei Si ◽  
Gefei Gao ◽  
Chang Yin

This article looks at studies on how to use business continuity management for Hong Kong’s virtual banks in order to reduce customer information risks, so as to maintain business sustainability. Firstly, the development of virtual banks in Hong Kong was investigated, the laws, regulations and regulatory policies of Hong Kong and the Mainland were benchmarked, and the main risks that may occur and be harmful to the sustainability of the banking business were analyzed. Considering the characteristics of virtual banks, the main concerns of public customers about the IT risks of virtual banks were collected through questionnaire surveys and analyzed. From this, the importance of business continuity management to virtual banks was established. Secondly, in the case studies, by examining the overall situation of WeBank, its performance during the COVID-19 pandemic, and the regulations of the Monetary Authority of Singapore, the practice standards of virtual banks in business continuity management were further clarified. Finally, three suggestions were put forward for virtual banks in Hong Kong to reduce customer information security risks through business continuity management, thereby maintaining their business sustainability.


2015 ◽  
Vol 809-810 ◽  
pp. 1522-1527
Author(s):  
Nicolae Anton ◽  
Anișor Nedelcu

This work approaches the assessment of security and information risks in order to find the optimal values of the risks by applying and comparing different methods to measure and assess security risks. By describing the structural characteristics of standards and methods implemented in the information security management system (ISMS), this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of standards and methods of risk management assessment.


2018 ◽  
Vol 28 (6) ◽  
pp. 1855-1864
Author(s):  
Olga Zoric ◽  
Katarina Jonev ◽  
Ivan Rancic

The authors start from the informational dimension of the operational environment in a strategic reality and deal with the problem of defining informational power from the theoretical and practical aspects of information warfare. The deliberations in the work are aimed at initiating a procedure for auditing the security documents in order to create a legal basis for the operationalization of the content of information security, as one of the aspects of the integral security of the Republic of Serbia. The paper deals with the conceptual determinations and importance of information, information warfare and information operations, as well as the content of information warfare, pointing out the strategic and doctrinal definitions of information warfare of the United States of America, the Russian Federation and the Republic of Serbia. It is necessary to accurately and objectively observe world achievements in the field of national security and the attitude of the most powerful world powers to the problem of information warfare. Based on a comparative analysis of world trends and of the state of the theoretical and practical aspects of information security of the Republic of Serbia, the focus of the paper is on its fourth section, where measures are proposed to improve the security function.


Author(s):  
Joseph K. Tanimura ◽  
Eric W. Wehrly

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, belonging to a firm's customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitude to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.


2020 ◽  
Vol 59 (04/05) ◽  
pp. 162-178
Author(s):  
Pouyan Esmaeilzadeh

Abstract

Background: Patients may seek health care services from various providers during treatment. These providers could serve in a network (affiliated) or practice separately (unaffiliated). Thus, using secure and reliable health information exchange (HIE) mechanisms would be critical to transfer sensitive personal health information (PHI) across distances. Studying patients' perceptions and opinions about exchange mechanisms could help health care providers build more complete HIE databases and develop robust privacy policies, consent processes, and patient education programs.

Objectives: Due to the exploratory nature of this study, we aim to shed more light on public perspectives (benefits, concerns, and risks) associated with the four data exchange practices in the health care sector.

Methods: In this study, we compared public perceptions and expectations regarding four common types of exchange mechanisms used in the United States (i.e., traditional, direct, query-based, and patient-mediated exchange mechanisms). Traditional is an exchange through fax, paper mailing, or phone calls; direct is a provider-to-provider exchange; query-based is sharing patient data with a central repository; and patient-mediated is an exchange mechanism in which patients can access data and monitor sharing. Data were collected from 1,624 subjects using an online survey to examine the benefits, risks, and concerns associated with the four exchange mechanisms from patients' perspectives.

Results: Findings indicate that several concerns and risks such as privacy concerns, security risks, trust issues, and psychological risks are raised. Besides, multiple benefits such as access to complete information, communication improvement, timely and convenient information sharing, cost-saving, and medical error reduction are highlighted by respondents. Through consideration of all risks and benefits associated with the four exchange mechanisms, the direct HIE mechanism was selected by respondents as the most preferred mechanism of information exchange among providers. More than half of the respondents (56.18%) stated that overall they favored direct exchange over the other mechanisms. 42.70% of respondents expected to be more likely to share their PHI with health care providers who implemented and utilized a direct exchange mechanism. 43.26% of respondents believed that they would support health care providers to leverage a direct HIE mechanism for sharing their PHI with other providers. The results exhibit that individuals expect greater benefits and fewer adverse effects from direct HIE among health care providers. Overall, the general public sentiment is more in favor of direct data transfer. Our results highlight that greater public trust in exchange mechanisms is required, and information privacy and security risks must be addressed before the widespread implementation of such mechanisms.

Conclusion: This exploratory study's findings could be interesting for health care providers and HIE policymakers to analyze how consumers perceive the current exchange mechanisms, what concerns should be addressed, and how the exchange mechanisms could be modified to meet consumers' needs.

