A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)
- Al Sabbagh, Bilal (author)
- Stockholms universitet, Institutionen för data- och systemvetenskap
- Kowalski, Stewart (author)
- Norwegian University of Science and Technology, Norway
- IEEE Computer Society, 2016
- 2016
- English.
In: 2016 European Intelligence and Security Informatics Conference. IEEE Computer Society. ISBN 9781509028573, pp. 192-195
Abstract
- In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs for cross correlating security events before they are disseminated to respective organizations. Typical SIEMs in use today calculate security events using generic risk factors not necessarily relevant for every organization. The proposed framework can enable security administrators to effectively and efficiently manage security warnings and to establish necessary countermeasures.
Subject headings
- SOCIAL SCIENCES -- Media and Communications -- Information Systems, Social aspects (hsv//eng)
Keywords
- SIEM
- Socio-Technical SIEM
- SOC
- Risk Escalation
- Computer and Systems Sciences
Publication and content type
- ref (subject category)
- kon (subject category)