
Workflow Based Security Incident Management [chapter]

Meletis A. Belsis, Alkis Simitsis, Stefanos Gritzalis
2005 Lecture Notes in Computer Science  
Security incident management is one of the critical areas that offers valuable information to security experts, but it still lacks much development.  ...  This paper presents an architecture based on advanced database techniques, able to collect incident-related information from different sources.  ...  In this paper, we present a novel centralized incident management system based on advanced Extraction, Transformation and Loading (ETL) database techniques.  ... 
doi:10.1007/11573036_65 fatcat:jma6qff5tbeirndcjjx3z57os4

The Design and Construction of Decision-Making Command System for Digital Oilfield Emergency Drill

Qi Zhilin, Cao Lei
2011 Procedia Environmental Sciences  
Unexpected security incidents are crises of a non-equilibrium state that lead society to deviate from its normal track.  ...  In a state of emergency, the relevant management departments must make rapid and accurate decisions based on the latest status and on feedback information.  ... 
doi:10.1016/j.proenv.2011.12.006 fatcat:jlv7hvhjvzautlh6pmsjjna24u

security-operations-maturity-model-white-paper.pdf [article]

Haren Santiago
2020 Figshare  
Capabilities enabling security teams to engage in highly confidential, collaborative, and efficient workflows with a centralized and secure case management facility for managing and accelerating threat  ...  The LogRhythm Security Operations Maturity Model: LogRhythm has developed a Security Operations Maturity Model (SOMM), based on LogRhythm's Threat Lifecycle Management (TLM) framework, that can be used to  ... 
doi:10.6084/m9.figshare.11808192.v1 fatcat:ipxkeuhexjd45nknkkghn7ttfy

A Multi-Vocal Review of Security Orchestration

Chadni Islam, Muhammad Ali Babar, Surya Nepal
2019 ACM Computing Surveys  
We have also identified the core components of a security orchestration platform and categorized the drivers of security orchestration based on technical and socio-technical aspects.  ...  We also provide a taxonomy of security orchestration based on the execution environment, automation strategy, deployment type, mode of task and resource type.  ...  ForeScout has built CounterACT that uses a rule engine and a workflow engine to automate the workflow for instant decision making to deal with security incidents [101] .  ... 
doi:10.1145/3305268 fatcat:gravwvdylvc6rd5co3lrpgaelu

AI/ML in Security Orchestration, Automation and Response: Future Research Directions

Johnson Kinyua, Lawrence Awuah
2021 Intelligent Automation and Soft Computing  
and applications in response to security incidents to empower SOC teams.  ...  Today's cyber defense capabilities in many organizations consist of a diversity of tools, products, and solutions, which are very challenging for Security Operations Centre (SOC) teams to manage in current  ...  and suboptimal incident response processes and security management in general.  ... 
doi:10.32604/iasc.2021.016240 fatcat:4c2dgerxwzhonn3xyypyyekmjq

A Tale of Three Security Operation Centers

Sathya Chandran Sundaramurthy, Jacob Case, Tony Truong, Loai Zomlot, Marcel Hoffmann
2014 Proceedings of the 2014 ACM Workshop on Security Information Workers - SIW '14  
Security researchers have been trying to understand the functioning of a security operation center (SOC) and how security analysts perform their job.  ...  Much work in this direction has been done through interviews of security analysts in SOCs.  ...  New analysts are trained until the senior analyst and SOC manager agree that additional training is unnecessary. SOC Workflow: The SOC follows a workflow built around an incident management system.  ... 
doi:10.1145/2663887.2663904 dblp:conf/ccs/SundaramurthyCT14 fatcat:mavvz7vorvae3ka7skns64csey

Cyber Threat Information Classification and Life Cycle Management using Smart Contracts

Roman Graf, Ross King
2018 Proceedings of the 4th International Conference on Information Systems Security and Privacy  
We demonstrate how the presented techniques can be applied to support incident handling tasks performed by security operation centers (SOCs).  ...  To be effective in identifying and defeating future cyber-attacks, cyber analysts require novel tools for incident report classification and life cycle management that can automatically analyse and share  ...  The goal of this evaluation was to leverage the domain expert knowledge base for cyber incident classification and management as described in the workflow (see Fig. 2), pointing out threat-level-relevant  ... 
doi:10.5220/0006605203040311 dblp:conf/icissp/GrafK18 fatcat:evibt4qeezevvjvaoxu4lfntxm

ATHAFI: Agile Threat Hunting And Forensic Investigation [article]

Rami Puzis and Polina Zilberman and Yuval Elovici
2020 arXiv   pre-print
The combination of Attack Hypotheses Generation and Workflows Generation enables intelligent adjustment of workflows, which react effectively to emerging threats.  ...  Unfortunately, many organizations do not have enough security analysts to perform threat hunting tasks, and today the level of automation of threat hunting is low.  ...  The command and control unit (C&C), operated by the security analysts, is responsible for managing the workflows.  ... 
arXiv:2003.03663v1 fatcat:3wwi6wkuprgibk3hteyymgggjy

Autonomic Cloud Computing: Open Challenges and Architectural Elements [article]

Rajkumar Buyya, Rodrigo N. Calheiros, Xiaorong Li
2012 arXiv   pre-print
They need automated and integrated intelligent strategies for provisioning of resources to offer services that are secure, reliable, and cost-efficient.  ...  We present a conceptual architecture and early results evidencing the benefits of autonomic management of Clouds.  ...  We would like to thank our colleagues Jia Yu, Suraj Pandey, Sifei Lu, Long Wang, Henry Palit, and Qin Zheng for their contribution towards Workflow Engine.  ... 
arXiv:1209.3356v1 fatcat:mz5w7lvhbzb3rof6w2psls5fcq

Critical Challenges to Information Security & Guidelines to use Responsive Service Now Platform

2020 International journal of recent technology and engineering  
The main aim of this paper is to track the risk, make security comparisons between the traditional approach and the modern approach, and give reasons to choose the service.  ...  Workflows are essential to ensure that your security runbook is adhered to.  ...  Automated workflows help to route requests from security analysts to the right IT people.  ... 
doi:10.35940/ijrte.e5630.018520 fatcat:sve4txl7djflrb5w5hb4bx4lby

Assessing the Safety of Custom Web-Based Clinical Decision Support Systems in Electronic Health Records: A Case Study

Jeritt Thayer, Jeffrey Miller, Alexander Fiks, Linda Tague, Robert Grundmeier
2019 Applied Clinical Informatics  
Results We identified five CDS malfunctions that impaired clinical workflow.  ...  Additional feedback on the root cause of individual incidents was obtained through interviews with members of the CDS project teams.  ...  Major incidents at CHOP are distinguished from routine incidents based on how they are created and the severity of their impact on clinical workflow.  ... 
doi:10.1055/s-0039-1683985 pmid:30943572 pmcid:PMC6447398 fatcat:5at6kowwvbcjblqgtje4pci6ka

Monitoring and Improving Managed Security Services inside a Security Operation Center

Mina Khalili, Mengyuan Zhang, Daniel Borbor, Lingyu Wang, Nicandro Scarabeo, Michel-Ange Zamor
2019 EAI Endorsed Transactions on Security and Safety  
Monitoring and improving the performance of Security Operation Centers (SOC) are becoming crucial due to the emerging need to benefit from Managed Security Services (MSS) rather than hiring in-house  ...  security experts.  ...  EVS, MI, BFA and PV investigation types take more time to gather indications to create an incident than  ...  For almost all investigation  ... 
doi:10.4108/eai.8-4-2019.157413 fatcat:cebbjhlo5rg6raogpunrgppbpu

An Intelligent Control Architecture for Adaptive Service-Based Software Systems with Workflow Patterns

Chang-Hai Jiang, Hai Hu, Kai-Yuan Cai, Dazhi Huang, Stephen S. Yau
2008 2008 32nd Annual IEEE International Computer Software and Applications Conference  
Systems based on SOA are called Service-based Systems (SBS).  ...  This architecture has three layers, based on intelligent control theory, for developing and deploying SBS.  ...  Workflow Management: When the controller in the workflow management layer receives a task from the user management layer, the workflow management selects a workflow pattern from a set of workflow patterns  ... 
doi:10.1109/compsac.2008.184 dblp:conf/compsac/JiangHCHY08 fatcat:64duergelva6hitmlp4vupsw6y

Use of organisational topologies for forensic investigations

George Grispos, Sorren Hanvey, Bashar Nuseibeh
2017 Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics - SERF 2017  
In today's highly regulated business environment, it is becoming increasingly important that organisations implement forensic-ready systems and architectures to aid the investigation of security incidents  ...  Furthermore, knowing the topology of an organisation's structure can also assist investigators in identifying stakeholders that could be of interest to an investigation, based on their relationship to the asset  ...  to the Security Manager (IS) and can authorise them to perform a task).  ... 
doi:10.1145/3121252.3121253 dblp:conf/sigsoft/GrisposHN17 fatcat:fuuaqq7tqrdwtlbr5ps3aoyyze

Integrated Security Incident Management -- Concepts and Real-World Experiences

Stefan Metzger, Wolfgang Hommel, Helmut Reiser
2011 2011 Sixth International Conference on IT Security Incident Management and IT Forensics  
A formally specified security incident response (SIR) process serves as the basis that clearly defines responsibilities, workflows, and interfaces.  ...  We present a holistic, process-oriented approach to ISO/IEC 27001 compliant security incident management that integrates multiple state-of-the-art security tools and has been applied to a real-world scenario  ...  Figure 3: The workflow of our Security Incident Response Process. Figure 4: Integrated management of security incidents (LRZ example). Figure 5: Percentage distribution  ... 
doi:10.1109/imf.2011.15 dblp:conf/imf/MetzgerHR11 fatcat:lb773umryvbfhownchdbf7pmfa