A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)

Author(s):  
Bilal AlSabbagh ◽  
Stewart Kowalski
Author(s):  
Igor Vitalievich Kotenko ◽  
Igor Borisovich Parashchuk

The article is focused on the development of a mathematical model of the functioning of a security information and event management system, known as a SIEM system. The model is a formalized analytical description (in terms of a Markov chain in the form of stochastic differential equations) of the dynamics of the changing states of quality indicators that characterize the essential properties of the functioning of the security information and event management system in the state space. The model is a system of state and observation equations, traditional for a Markov chain, in the form of finite differences. The scientific task is to improve (modify) the algorithms for converting the excitation noise used in the model. A mechanism is proposed for determining the values of the increment of the mathematical expectation of the simulated process, obtained on the basis of a priori data on the Markov chain, in relation to the mathematical expectation of the white Gaussian noise exciting this process. Based on simple calculations, the mechanism helps to decide what values can be taken by the elements of the vector of compensation additives in the state equation of the auxiliary indicator vector of this modified model, taking the conversion of the excitation noise into account. This simplifies the model and reduces its computational complexity without significant loss of accuracy (adequacy). The improved model can be applied both in research and in automated information security control systems.


2021 ◽  
pp. 108008
Author(s):  
Panagiotis Radoglou-Grammatikis ◽  
Panagiotis Sarigiannidis ◽  
Eider Iturbe ◽  
Erkuden Rios ◽  
Saturnino Martinez ◽  
...  

2014 ◽  
Vol 599-601 ◽  
pp. 2215-2219 ◽  
Author(s):  
Fen Su Shi ◽  
Yang Zhou ◽  
Pan Shi

At present, many domestic industries do not have mature operation and maintenance management systems for their IT platforms. Most daily maintenance work is a passive response after a problem has occurred rather than discovery in advance, which brings potential risks to the smooth running of IT systems. It is therefore necessary to monitor and manage the existing IT core equipment in order to improve the security and stability of core production and to enhance the satisfaction of business departments. In addition, by establishing an association between the centralized monitoring platform and the process management platform, the system standardizes operational work and improves work efficiency. The maintenance management system based on Tivoli[1] is mainly intended to monitor and manage the IT infrastructure, and is used in finance, electric power, chemical and other industries; its scope includes room infrastructure, storage, networks, systems, databases and middleware. On one hand, the system's centralized event management platform integrates events from various parts of the IT infrastructure, processes them extensively, and then provides intuitive monitoring for operational management. It also integrates the process management platform so as to support creating work orders, processing them, and other operations. On the other hand, the system integrates the monitoring results of existing business into the monitoring interface and implements IT knowledge sharing.


2019 ◽  
Vol 2 (1) ◽  
pp. 1-7
Author(s):  
CITRA ARFANUDIN ◽  
Bambang Sugiantoro ◽  
Yudi Prayudi

Information security is needed to secure organizational information assets. The government, as the regulator, issues an Information Security Management System (ISMS) and an Information Security Index (US) as a measure of information security in the agencies of a region. Security Information and Event Management (SIEM) is a security technology for securing information assets. SIEM is expected to provide information on attacks that occur on the router network and to increase the value of the Indeks KAMI of government agencies. However, it is still questionable whether SIEM can recognize a router attack, and what its impact on the value of the index is. This research simulates attacks on routers with 8 attacks, namely Mac Flooding, ARP-Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding, SSH Bruteforce and FTP Bruteforce. The 8 types of attacks were followed by digital forensic analysis using the OSCAR method to see the impact on the routers and the SIEM. The Indeks KAMI was also measured before and after the SIEM was installed, to measure the effect of SIEM installation on the value of the index. It was found that the use of SIEM to conduct security monitoring proved successful in identifying attacks, but not all of them were recognized by the SIEM. The SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. Mac Flooding, ARP-Poisoning, CDP Flooding and SYN Flooding attacks are not recognized by the SIEM because the routers do not produce logs for them. It was also found that the use of SIEM proved to increase the index from the technology aspect.
