Socio-Technical SIEM (ST-SIEM)

Author:

AlSabbagh Bilal1,Kowalski Stewart2

Affiliation:

1. Department of Computer and Systems Sciences, Stockholm University, Stockholm, Sweden

2. Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway

Abstract

This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly-developed artifact addresses an important limitation identified in today incident response practice—the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This concept is achieved by correlating the technical metrics of security warnings (which are generic in nature, and the sources of which are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM, accordingly, adapts the risk factor of the triggered security warning based on each constituent organization security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.

Publisher

IGI Global

Subject

General Engineering

Reference23 articles.

1. Incident response teams – Challenges in supporting the organisational security function

2. AlienVault. (2014). SIEM for Beginners. Retrieved from https://www.alienvault.com/ resource-center/white-papers/siem-for-beginners

3. A cultural adaption model for global cyber security warning systems.;B.Alsabbagh;Proceedings of 5th International Conference on Communications, Networking and Information Technology,2011

4. Developing social metrics for security – Modeling the security culture of IT workers individuals (case study).;B.AlSabbagh;Proceedings of the 5th International Conference on Communications, Computers and Applications (MIC-CCA 2012),2012

5. Alsabbagh, B., & Kowalski, S. (2012b). ST(CS)2 – Featuring socio-technical cyber security warning systems. In Proceedings of Cyber Security, Cyber Warfare and Digital Forensic (CyberSec),2012 International Conference. Kuala Lumpur, Malaysia: IEEE.

Cited by 4 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. Evaluating Incident Response in Csirts Using Cube Socio-Technical Systems Analysis;2024

2. Model-Based Incident Response Playbooks;Proceedings of the 17th International Conference on Availability, Reliability and Security;2022-08-23

3. Intrusion Detection & Incident Response for Information Security: Technologies and Challenges;2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE);2022-04-28

4. Empirical Study on the Influence of Security Control Management and Social Factors in Deterring Information Security Misbehaviour;Journal of Physics: Conference Series;2020-05-01

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3