Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/siem-based-framework-for-security-controls-automation-uaMH5078MT
References (34)
-
R.A. Martin (2008)
Making security measurable and manageableMILCOM 2008 - 2008 IEEE Military Communications Conference
-
ISO/IEC
ISO/IEC 27001: Information Technology – Security Techniques – Information Security Management Systems – Requirements -
A. Chuvakin
SIEM: moving beyond compliance -
M. Nicolett, K.M. Kavanagh
Magic Quadrant for Security Information and Event Management -
10.6028/NIST.SP.800-117
-
Miguel Lopes, António Costa, Bruno Dias (2009)
Automated network services configuration management2009 IFIP/IEEE International Symposium on Integrated Network Management-Workshops
-
N. Agoulmine (2011)
Autonomic network management principles : from concepts to applications -
H. Karlzén
An Analysis of Security Information and Event Management Systems -
Gerhard Koschorreck (2011)
Automated Audit of Compliance and Security Controls2011 Sixth International Conference on IT Security Incident Management and IT Forensics
-
H. Shahriar, Mohammad Zulkernine (2009)
Automatic Testing of Program Security Vulnerabilities2009 33rd Annual IEEE International Computer Software and Applications Conference, 2
-
Abdelnasser Ouda, H. Lutfiyya, M. Bauer (2010)
Automatic Policy Mapping to Management System Configurations2010 IEEE International Symposium on Policies for Distributed Systems and Networks
-
Stephen Quinn, David Waltermire, Christopher Johnson, K. Scarfone, John Banghart (2011)
SP 800-126 Rev. 2. The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 -
M. Nicolett, K.M. Kavanagh
Critical Capabilities for Security Information and Event Management Technology -
Hédi Hamdi, A. Bouhoula, M. Mosbah (2007)
A Software Architecture for Automatic Security Policy Enforcement in Distributed SystemsThe International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)
-
H. Tian, Liusheng Huang, Zhi Zhou, Yonglong Luo (2004)
Arm up administrators: automated vulnerability management7th International Symposium on Parallel Architectures, Algorithms and Networks, 2004. Proceedings.
-
10.6028/NIST.SP.800-126
-
10.1109/AICCSA.2009.5069371
-
Raydel Montesino, Stefan Fenz (2011)
Information Security Automation: How Far Can We Go?2011 Sixth International Conference on Availability, Reliability and Security
-
J. Shenk
SANS Sixth Annual Log Management Survey Report -
Ahmed Hassan, Waleed Bahgat (2009)
A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms, 61
-
ISO/IEC
Information Technology – Security Techniques – Code of Practice for Information Security Management -
SANS
Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines -
A. Al-Ayed, S. Furnell, D. Zhao, P. Dowland (2005)
An automated framework for managing security vulnerabilitiesInf. Manag. Comput. Security, 13
-
Henrik Karlzén (2009)
An Analysis of Security Information and Event Management Systems - The Use or SIEMs for Log Collection, Management and Analysis -
10.1109/LATINCOM.2009.5305052
-
W. Keith, Edwards Erika, Shehan Poole, Jennifer Stoll (2008)
Security automation considered harmful? -
R. Richardson
CSI 15th Annual Computer Crime and Security Survey -
J.M. Madrid, L.E. Munera, C.A. Montoya, J.D. Osorio, L.E. Cárdenas, R. Bedoya, C. Latorre
Functionality, reliability and adaptability improvements to the OSSIM information security console -
S. Quinn, K. Scarfone, M. Barrett, C. Johnson
NIST SP 800‐117: Guide to Adopting and Using the Security Content Automation Protocol (SCAP) -
S. Quinn, D. Waltermire, C. Johnson, K. Scarfone, J. Banghart
NIST SP 800‐126: The Technical Specification for the Security Content Automation Protocol (SCAP) -
Stephen Quinn, K. Scarfone, M. Barrett, Christopher Johnson (2010)
SP 800-117. Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 -
R. Werlinger, K. Hawkey, K. Beznosov (2009)
An integrated view of human, organizational, and technological challenges of IT security managementInf. Manag. Comput. Secur., 17
-
NIST
NIST SP 800‐53: Recommended Security Controls for Federal Information Systems and Organizations -
S. Radack, Rick Kuhn (2011)
Managing Security: The Security Content Automation ProtocolIT Professional, 13
- Publisher
- Emerald Publishing
- Copyright
- Copyright © 2012 Emerald Group Publishing Limited. All rights reserved.
- ISSN
- 0968-5227
- DOI
- 10.1108/09685221211267639
- Publisher site
- See Article on Publisher Site
Abstract
Purpose – The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management. Design/methodology/approach – This research reviewed the controls recommended by well known standards such as ISO/IEC 27001 and NIST SP 800‐53; and identified security controls that can be automated by existing hard‐and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM‐based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools. Findings – About 30 per cent of information security controls can be automated and they were grouped in a list of ten automatable security controls. A SIEM‐based framework can be used for centralized and integrated management of the ten automatable security controls. Practical implications – By implementing the proposed framework and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management, reducing also the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality to their products and provide a maximum of security controls automation within SIEM platforms. Originality/value – This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what it is normally described in previous works and SIEM solutions.
Journal
Information Management & Computer Security – Emerald Publishing
Published: Oct 5, 2012
Keywords: Information management; Data security; Computer security; Security automation; Security information and event management; Information security management