Managing Security: The Security Content Automation Protocol

Radack, Shirley M.; Kuhn, Rick

doi:10.1109/mitp.2011.11

Cited by 28 publications

(18 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security Automation: One objective of acquiring detailed up-to-date asset information is to support the automation of IT-related security processes [28]. The National Institute of Standards and Technology (NIST) in cooperation with the Massachusetts Institute of Technology Research Establishment (MITRE) provide the Security Content Automation Protocol (SCAP), a multipurpose approach which enables e.g.…”

Section: Related Workmentioning

confidence: 99%

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Birkholz

Sieverdingbeck

Sohr

et al. 2012

2012 Seventh International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Asset information obtained via infrastructure analysis is essential for developing and establishing risk management. However, information about assets acquired by existing infrastructure analysis processes is often incomplete or lacking in detail, especially concerning their interconnected topology. In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information. The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition processes that are often found in practice.

show abstract

Section: Related Workmentioning

confidence: 99%

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Birkholz

Sieverdingbeck

Sohr

et al. 2012

2012 Seventh International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…These efforts resulted in the definition of Security Content Automation Protocol (SCAP). Papers related to SCAP are [1], [2] and [3]. The scope of this protocol is primarily intended to patch, configuration, vulnerability and compliance management.…”

Section: Related Workmentioning

confidence: 99%

Information Security Automation: How Far Can We Go?

Montesino

Fenz

2011

2011 Sixth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-Information security management is a very complex task which involves the implementation and monitoring of more than 130 security controls. To achieve greater efficiency in this process it is necessary to automate as many controls as possible. This paper provides an analysis of how many controls can be automated, based on the standards ISO 27001 and NIST SP800-53. Furthermore, we take the automation potential of controls included in the Consensus Audit Guidelines into account. Finally, we provide an overview of security applications that support automation in the operation of information security controls to increase the efficiency of information security management.

show abstract

“…Kotenko et al [66] also discuss the various standards used by SIEMs to represent security events and incidents in standardized formats: SCAP [68], Common Base Event (CBE) [69], and Common Information Model (CIM) [70]. One of the main design motivations of SIEM technology is that vendors will typically try to ensure all the security data sensor sources have as common a format as possible in order to minimize the amount of "data fusion" analysis that needs to be performed.…”

Section: Security Information and Event Management Systemsmentioning

confidence: 99%

Intrusion detection and Big Heterogeneous Data: a Survey

Zuech

Khoshgoftaar

Wald

2015

Journal of Big Data

238

100

View full text Add to dashboard Cite

Intrusion Detection has been heavily studied in both industry and academia, but cybersecurity analysts still desire much more alert accuracy and overall threat analysis in order to secure their systems within cyberspace. Improvements to Intrusion Detection could be achieved by embracing a more comprehensive approach in monitoring security events from many different heterogeneous sources. Correlating security events from heterogeneous sources can grant a more holistic view and greater situational awareness of cyber threats. One problem with this approach is that currently, even a single event source (e.g., network traffic) can experience Big Data challenges when considered alone. Attempts to use more heterogeneous data sources pose an even greater Big Data challenge. Big Data technologies for Intrusion Detection can help solve these Big Heterogeneous Data challenges. In this paper, we review the scope of works considering the problem of heterogeneous data and in particular Big Heterogeneous Data. We discuss the specific issues of Data Fusion, Heterogeneous Intrusion Detection Architectures, and Security Information and Event Management (SIEM) systems, as well as presenting areas where more research opportunities exist. Overall, both cyber threat analysis and cyber intelligence could be enhanced by correlating security events across many diverse heterogeneous sources.

show abstract

Managing Security: The Security Content Automation Protocol

Cited by 28 publications

References 0 publications

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Information Security Automation: How Far Can We Go?

Intrusion detection and Big Heterogeneous Data: a Survey

Contact Info

Product

Resources

About