Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures

Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4759
Author(s):  
Gustavo González-Granadillo ◽  
Susana González-Zarzosa ◽  
Rodrigo Diaz

Security Information and Event Management (SIEM) systems have been widely deployed as a powerful tool to prevent, detect, and react to cyber-attacks. SIEM solutions have evolved into comprehensive systems that provide wide visibility, identify areas of high risk, and proactively focus on mitigation strategies aimed at reducing the cost and time of incident response. SIEM systems and related solutions are currently converging, slowly, with big data analytics tools. We survey the most widely used SIEMs with respect to their critical functionality and analyse the external factors that will shape the SIEM landscape in the mid and long term. A list of potential enhancements for the next generation of SIEMs is provided as part of the review of existing solutions, together with an analysis of their benefits and usage in critical infrastructures.

Author(s):  
Luis Filipe Dias ◽  
Miguel Correia

Intrusion detection has become a big data problem, with a semantic gap between vast security data sources and real knowledge about threats. Machine learning (ML) algorithms have already been applied successfully to big data in other domains, so this approach is promising for dealing with cybersecurity's big data problem. Rather than relying on human analysts to create signatures or classify huge volumes of data, ML can be used: it allows advanced algorithms to extract information from data through behavioural analysis or by finding hidden correlations. However, the adversarial setting and the dynamism of the cyber threat landscape stand as difficult challenges when applying ML. Next-generation security information and event management (SIEM) systems should provide security monitoring with the means for automation, orchestration and real-time contextual threat awareness, but recent research shows that further work is needed to fulfil these requirements. This chapter presents a survey of recent work on big data analytics for intrusion detection.


2014 ◽  
Vol 1 (20) ◽  
pp. 27
Author(s):  
Igor Vitalievich Kotenko ◽  
Igor Borisovich Saenko ◽  
Olga Vitalievna Polubelova ◽  
Andrey Alexeevich Chechulin

Author(s):  
V. O. BOLILYI ◽  
L. P. SUKHOVIRSKA ◽  
O. M. LUNHOL ◽  
...  

This study examines the Security Operations Center (SOC), which provides detection and analysis of cybersecurity events, rapid response, and prevention of cyber attacks. SOC technologies provide visibility and enable analysts to protect against attacks. The paper presents the approach to teaching the topic «Security Center» within the discipline «Security of programs and data» at the Volodymyr Vynnychenko Central Ukrainian State Pedagogical University, namely the problems of implementing Security Information and Event Management (SIEM) systems, the types of operations centers, and methods of building an internal SOC. Students acquire the subject competencies to classify, identify and protect information processing facilities from unauthorized access and computer viruses, and to develop individual access control and information protection systems. The process of implementing a SIEM system in an enterprise is shown, including the main mechanisms of such a system using a hierarchical model, the main tasks of the SOC, the key parameters of a SOC (organizational model, performance of functions beyond its core tasks, level of authority), and basic correlation rules. The commercial SOC as a Service model, designed to cope with very large volumes of information with real-time monitoring and response to attacks, is also considered. During laboratory classes the students analysed companies that provide SOC services (Information Systems Security Partners, Octave Cybersecurity, Infopulse, Omega Security Service) and studied the factors that influence a company's choice of SOC type. Key words: Security Operations Center, SIEM systems, cybersecurity, SOC as a Service.
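As an added example, not code from Bolilyi et al. or from any SIEM product, the following Python sketches the kind of "basic correlation rules" the abstract refers to, evaluated over constructed authentication log lines. The log line format, host names, addresses, rule names and thresholds are all assumptions chosen for this illustration: rule 1 raises an alert when a burst of failed logins from one source address within a sliding window is followed by a success from that address, and rule 2 raises an alert when a newly created account is used for a login shortly after creation.

```python
"""Minimal SIEM-style correlation over authentication log lines.

Added example; not code from the paper above or from any SIEM product.
The log format, host names, IPs, thresholds and rule names are assumptions
made for this illustration, and the sample lines below are constructed.

Rule 1 (brute_force_success): at least fail_threshold auth_fail events from
    one source IP inside fail_window seconds, then an auth_success from it.
Rule 2 (new_account_used): an account_create for a user, then an
    auth_success for that user within account_window seconds.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed line format: "<ISO-8601 UTC> <host> <event> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"(?P<host>\S+) (?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed telemetry is dropped, never raises
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev

class Correlator:
    """Stateful rule evaluation; events must be fed in timestamp order."""

    def __init__(self, fail_threshold=5, fail_window=60, account_window=300):
        self.fail_threshold = fail_threshold
        self.fail_window = timedelta(seconds=fail_window)
        self.account_window = timedelta(seconds=account_window)
        self.failures = defaultdict(deque)  # src ip -> timestamps of auth_fail
        self.created = {}                   # user -> timestamp of account_create
        self.alerts = []                    # (rule, src, user, timestamp)

    @staticmethod
    def _prune(q, now, window):
        """Drop timestamps that have fallen out of the sliding window."""
        while q and now - q[0] > window:
            q.popleft()

    def feed(self, ev):
        now, src, user = ev["ts"], ev["src"], ev["user"]
        if ev["event"] == "auth_fail":
            q = self.failures[src]
            q.append(now)
            self._prune(q, now, self.fail_window)
        elif ev["event"] == "auth_success":
            q = self.failures[src]
            self._prune(q, now, self.fail_window)
            if len(q) >= self.fail_threshold:
                self.alerts.append(("brute_force_success", src, user, now))
                q.clear()  # one alert per burst, not one per later success
            t0 = self.created.get(user)
            if t0 is not None and now - t0 <= self.account_window:
                self.alerts.append(("new_account_used", src, user, now))
                del self.created[user]
        elif ev["event"] == "account_create":
            self.created[user] = now

def correlate(lines, **rule_params):
    """Parse and feed every line in order; return the alerts raised."""
    c = Correlator(**rule_params)
    for line in lines:
        ev = parse(line)
        if ev is not None:
            c.feed(ev)
    return c.alerts

# Constructed sample: a brute-force attempt against 'admin' that eventually
# succeeds, a single mistyped password by 'bob', and a freshly created
# service account logging in two minutes after creation.
SAMPLE_LINES = """\
2024-03-01T10:00:00Z web01 auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:05Z web01 auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:09Z web01 auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:14Z web01 auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:20Z web01 auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:31Z web01 auth_success user=admin src=203.0.113.7
2024-03-01T10:05:00Z web01 auth_fail user=bob src=198.51.100.4
2024-03-01T10:05:30Z web01 auth_success user=bob src=198.51.100.4
2024-03-01T11:00:00Z dc01 account_create user=svc_backup src=10.0.0.12
2024-03-01T11:02:00Z dc01 auth_success user=svc_backup src=10.0.0.99
garbage line that the parser must skip
""".splitlines()

if __name__ == "__main__":
    for rule, src, user, ts in correlate(SAMPLE_LINES):
        print(f"{ts.isoformat()} {rule} src={src} user={user}")
```

Two points a SOC engineer would check before trusting such a rule: the window is pruned on every event, so state cannot grow without bound on a noisy source, and the correlator assumes events arrive in timestamp order, which a real SIEM has to guarantee through normalisation and sorting of the collected logs before correlation runs. Thresholds and windows are exactly the tuning parameters the abstract lists among the key SOC design decisions.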


Author(s):  
Do Huy Thuong ◽  
Nguyen Thi Phuong Hong

This research analyzes the factors affecting the expectations that businesses in entertainment and event management have of their human resources. The results show that, of the five factors affecting these expectations, "professional knowledge" has the biggest impact, followed by "attitude", "skill" and "ability". The factor "fundamental knowledge" has the least influence on the expectations of the businesses.


Author(s):  
Юлия Владимировна Татаркова ◽  
Татьяна Николаевна Петрова ◽  
Олег Валериевич Судаков ◽  
Александр Юрьевич Гончаров ◽  
Ольга Николаевна Крюкова

This article provides an overview of the main approaches available today for producing both short-term and long-term projections of the incidence of diseases of the eye and its adnexa among students. At the same time, a number of problems remain, related to the diversity of factors affecting incidence and to the lack of statistical justification and the inconsistency of the available data analysis results. Results of mathematical modelling of the dependence of the incidence rate on the most influential factors of the educational and social environment are presented, and the most important directions for developing mathematical models of the spread of morbidity are listed. Using the software package developed by the authors, a series of computational experiments was carried out to assess and forecast the incidence among students at universities of various profiles. The effectiveness of the multivariate modelling and forecasting methodology is shown, and its limitations and possibilities for practical application are indicated. From the position of the generalised region of favourable prognosis in the factor space, the exposure time to factors unfavourable for vision can be determined: it should be no more than 10 to 11 hours per day, and the number of preventive measures should be at least 3 to 4. Under these conditions the risk of developing myopia is no more than 0.4, the probability of eye fatigue at the computer no more than 0.4, and the probability of eye discomfort in class no more than 0.15. The nature of the forecast determines the duration of follow-up observation as well as the need for preventive measures to eliminate or weaken the effect of the adverse social, hygienic and biomedical factors acting on a particular patient.
The use of the prognostic matrix in practical health care can substantially improve the prevention of ophthalmic morbidity and is one of the effective measures in the routine medical examination of students, since it makes it possible to identify among them the group at high risk of an unfavourable outcome of the disease.


2020 ◽  
Vol 30 (Supplement_5) ◽  
Author(s):  
M Poldrugovac ◽  
J E Amuah ◽  
H Wei-Randall ◽  
P Sidhom ◽  
K Morris ◽  
...  

Abstract
Background: Evidence of the impact of public reporting of healthcare performance on quality improvement is not yet sufficient to draw conclusions with certainty, despite the important policy implications. This study explored the impact of implementing public reporting of performance indicators of long-term care facilities in Canada. The objective was to analyse whether improvements can be observed in performance measures after publication.
Methods: We considered 16 performance indicators in long-term care in Canada, 8 of which are publicly reported at a facility level, while the other 8 are privately reported. We analysed data from the Continuing Care Reporting System managed by the Canadian Institute for Health Information and based on information collected with RAI-MDS 2.0 © between the fiscal years 2011 and 2018. A multilevel model was developed to analyse time trends before and after publication, which started in 2015. The analysis was also stratified by key sample characteristics, such as the facilities' jurisdiction, size, urban or rural location and performance prior to publication.
Results: Data from 1087 long-term care facilities were included. Among the 8 publicly reported indicators, the trend in the period after publication did not change significantly in 5 cases, improved in 2 cases and worsened in 1 case. Among the 8 privately reported indicators, no change was observed in 7, and worsening in 1 indicator. The stratification of the data suggests that for those indicators that were already improving prior to public reporting, there was either no change in trend or a decrease in the rate of improvement after publication. For those indicators that showed a worsening trend prior to public reporting, the contrary was observed.
Conclusions: Our findings suggest public reporting of performance data can support change. The trends of performance indicators prior to publication appear to have an impact on whether further change will occur after publication.
Key messages: Public reporting is likely one of the factors affecting change in performance in long-term care facilities. Public reporting of performance measures in long-term care facilities may support improvements, in particular in cases where improvement was not observed before publication.

