SIEM‐based framework for security controls automation

Montesino, Raydel; Fenz, Stefan; Baluja, W

doi:10.1108/09685221211267639

Cited by 21 publications

(13 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…NIST SP 800-53 enabled these goals to be met through the streamlining of existing practices and improving documentation. The scalable nature of NIST CSF was applicable to the differing scope and IT requirements of each department within the University SIEM-based framework for security controls automation [26] The potential of using SIEM technology is investigated with the aim of maximising security-control automation. For the security controls identified in NIST SP 800-53, approximately 30% of these controls were considered as having the capability of automation control.…”

Section: Related Frameworkmentioning

confidence: 99%

A security review of local government using NIST CSF: a case study

et al. 2018

View full text Add to dashboard Cite

Evaluating cyber security risk is a challenging task regardless of an organisation's nature of business or size, however, an essential activity. This paper uses the National Institute of Standards and Technology (NIST) cyber security framework (CSF) to assess the cyber security posture of a local government organisation in Western Australia. Our approach enabled the quantification of risks for specific NIST CSF core functions and respective categories and allowed making recommendations to address the gaps discovered to attain the desired level of compliance. This has led the organisation to strategically target areas related to their people, processes, and technologies, thus mitigating current and future threats.

show abstract

Section: Related Frameworkmentioning

confidence: 99%

A security review of local government using NIST CSF: a case study

et al. 2018

View full text Add to dashboard Cite

show abstract

“…Moreover, as can be seen in Figure 3 , the two intrusion detection engines are included in a SIEM, which have to be deployed within the city council network premises. In the enterprise context, system administrators are successfully using SIEM technology to reduce the complexity of the security administration and to automate certain tasks and security controls, such as log management, system monitoring, malware protection, vulnerability scanning, security configuration assessment and incident management [ 27 ]. Furthermore, SIEM systems offer big data collection, storage and processing services, and therefore, this guarantees the scalability of the framework’s architecture.…”

Section: Intrusion Detection Frameworkmentioning

confidence: 99%

Attack Classification Schema for Smart City WSNs

Garcia-Font

Garrigues

Rifà-Pous

2017

Sensors

View full text Add to dashboard Cite

Urban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.

show abstract

“…There is no exact definition for SIM, but relevant sources explain it from several different perspectives. One of possible aspects was brought by Montesion, Fenz a Baluja [1], who defined SIM as:…”

Section: A Sim and Semmentioning

confidence: 99%

“…Each SIEM system has a method for data normalization, its own process for creating evaluation rules. A common feature of these rules is presence of boolean type [1]. Complex rules can be created by combination of two or more partial rules.…”

Section: ) Correlation Enginementioning

confidence: 99%

Security information and event management in the cloud computing infrastructure

Pavlik

Komarek

Soběslav

2014

2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI)

View full text Add to dashboard Cite

Security of information systems is a current topic. In the case of cloud environment it is even a critical factor. In large environments like the cloud computing systems, it can be difficult to maintain a comprehensive view of the safety of the individual elements. For this reason, the utilization of technology that would allow central monitoring and that would help to maintain this awareness. Such technology is precisely Security Information and Event Management (SIEM). The main objective of this paper is to analyze the possibilities and approaches of SIEM in terms of technical requirements, logic and legal framework of the Czech Republic. On the analytical basis, the framework, which is bounding the utilization of SIEM in a cloud computing environment is proposed.More advanced systems can even initiate necessary action themselves on the basis of definition of rules, which can shift the effectiveness of the solution even further [4]. B. Advantages of SIEMSubsection I-A describes SIM and SEM separately. This subsection looks at this domain as a complex system and shows

show abstract

SIEM‐based framework for security controls automation

Abstract: Article information:To cite this document: Raydel Montesino, Stefan Fenz, Walter Baluja, (2012),"SIEM-based framework for security controls automation"

Cited by 21 publications

References 17 publications

A security review of local government using NIST CSF: a case study

A security review of local government using NIST CSF: a case study

Attack Classification Schema for Smart City WSNs

Security information and event management in the cloud computing infrastructure

Contact Info

Product

Resources

About