Digitala Vetenskapliga Arkivet

Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.ORCID iD: 0000-0002-5701-2569
Norwegian University of Science and Technology, Norway.
2016 (English)In: 2016 European Intelligence and Security Informatics Conference: Proceedings / [ed] Joel Brynielsson, Fredrik Johansson, IEEE Computer Society, 2016, p. 192-195Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs for cross correlating security events before they are disseminated to respective organizations. Typical SIEMs in use today calculate security events using generic risk factors not necessarily relevant for every organization. The proposed framework can enable security administrators to effectively and efficiently manage security warnings and to establish necessary countermeasures.

Place, publisher, year, edition, pages
IEEE Computer Society, 2016. p. 192-195
Keywords [en]
SIEM, Socio-Technical SIEM, SOC, Risk Escalation
National Category
Information Systems, Social aspects
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-153268DOI: 10.1109/EISIC.2016.049ISBN: 978-1-5090-2857-3 (electronic)OAI: oai:DiVA.org:su-153268DiVA, id: diva2:1185102
Conference
2016 European Intelligence and Security Informatics Conference, Uppsala, Sweden, 17–19 August 2016
Available from: 2018-02-23 Created: 2018-02-23 Last updated: 2022-02-28Bibliographically approved
In thesis
1. Cybersecurity Incident Response: A Socio-Technical Approach
Open this publication in new window or tab >>Cybersecurity Incident Response: A Socio-Technical Approach
2019 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This thesis examines the cybersecurity incident response problem using a socio-technical approach. The motivation of this work is the need to bridge the knowledge and practise gap that exists because of the increasing complexity of cybersecurity threats and our limited capability of applying cybersecurity controls necessary to adequately respond to these threats. Throughout this thesis, knowledge from Systems Theory, Soft Systems Methodology and Socio-Technical Systems is applied to examine and document the socio-technical properties of cybersecurity incident response process. The holistic modelling of cybersecurity incident response process developed concepts and methods tested to improve the socio-technical security controls and minimise the existing gap in security controls.

The scientific enquiry of this thesis is based on pragmatism as the underpinning research philosophy.  The thesis uses a design science research approach and embeds multiple research methods to develop five artefacts (concept, model, method, framework and instantiation) outlined in nine peer-reviewed publications. The instantiated artefact embraces the knowledge developed during this research to provide a prototype for a socio-technical security information and event management system (ST-SIEM) integrated with an open source SIEM tool. The artefact relevance was validated through a panel of cybersecurity experts using a Delphi method. The Delphi method indicated the artefact can improve the efficacy of handling cybersecurity incidents.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University, 2019. p. 133
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 19-007
Keywords
cybersecurity incident response, SIEM, cybersecurity warning systems, socio-technical approach, organisation security culture
National Category
Computer Systems Information Systems, Social aspects
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-167873 (URN)978-91-7797-715-5 (ISBN)978-91-7797-716-2 (ISBN)
Public defence
2019-06-07, L30, NOD-huset, Borgarfjordsgatan 12, Kista, 10:00 (English)
Opponent
Supervisors
Available from: 2019-05-15 Created: 2019-04-10 Last updated: 2022-02-26Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Al Sabbagh, BilalKowalski, Stewart
By organisation
Department of Computer and Systems Sciences
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 498 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf