A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Norwegian University of Science and Technology, Norway.
2016 (English) In: 2016 European Intelligence and Security Informatics Conference: Proceedings / [ed] Joel Brynielsson, Fredrik Johansson, IEEE Computer Society, 2016, p. 192-195
Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs for cross correlating security events before they are disseminated to respective organizations. Typical SIEMs in use today calculate security events using generic risk factors not necessarily relevant for every organization. The proposed framework can enable security administrators to effectively and efficiently manage security warnings and to establish necessary countermeasures.

Place, publisher, year, edition, pages
IEEE Computer Society, 2016. p. 192-195
Keyword [en]
SIEM, Socio-Technical SIEM, SOC, Risk Escalation
National Category
Information Systems, Social aspects
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-153268
DOI: 10.1109/EISIC.2016.049
ISBN: 978-1-5090-2857-3 (electronic)
OAI: oai:DiVA.org:su-153268
DiVA, id: diva2:1185102
Conference
2016 European Intelligence and Security Informatics Conference, Uppsala, Sweden, 17–19 August 2016
Available from: 2018-02-23 Created: 2018-02-23 Last updated: 2018-03-20 Bibliographically approved

By author/editor
Al Sabbagh, Bilal; Kowalski, Stewart