769,534 research outputs found

    A Study on Capabilities and functionalities of Security Information and Event Management systems (SIEM)

    Security management is an important issue in the IT industry. IT industries are in need of a tool which can help in managing information and events and increase the grade of security. Security information and event management (SIEM) offers a new approach to security management by providing a holistic view of the business information technology security. SIEM tools can be reviewed on the basis of their critical capabilities, as for any product. This paper discusses some of the important capabilities for any SIEM product; a few current vendors of SIEM tools are also evaluated in terms of those critical capabilities of SIEM

    Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

    The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid. Comment: 16 pages

    Managing Information Security Complexity

    This paper examines using a requirements management tool as a common thread to managing the complexity of information security systems. Requirements management provides a mechanism to trace requirements through to design, implementation, operating, monitoring, reviewing, testing, and reporting by creating links to associated, critical artefacts. This is instrumental in managing complex and dynamic systems where change can impact other subsystems and associated documentation. It helps to identify the affected artefacts through many layers. Benefits to this approach would include better project planning and management, improved risk management, superior change management, ease of reuse, enhanced quality control and more effective acceptance testing. It would also improve the ability to audit, especially at a time when outsourcing of security functions is occurring throughout the world. ISO 27001:2006 provides a model for the implementation of an Information Security Management System (ISMS) that can be tailored by an organization. It is proposed that employment of a requirements management tool could manage the traceability aspects of an ISMS

    Analisis Tingkat Kesiapan Pengamanan Sistem Informasi (Analysis of the Readiness Level of Information System Security)

    The University has a body of data relating to academics and higher-education governance. This large amount of data requires security, especially in terms of readiness to secure information systems. Maintaining information system security in the university environment aims to maintain confidentiality, the availability of the system to those authorized to use it, and the integrity of the system. The University of National Development "Veteran" Jakarta (UPN Veteran Jakarta) has work units such as the Faculty, UPT and Bureau, each of which has the task and function of managing data. The problem is the need to measure the level of information system security to see the maturity of information systems at UPN Veteran Jakarta. The KAMI Index (Information Security Index) is a tool used to analyze, measure and evaluate the maturity level of information security against the SNI ISO/IEC 27001:2009 standard, and can be applied within government agencies. The KAMI Index version used is version 3.1. The method used in the KAMI Index consists of six stages: first, electronic systems; second, information security governance; third, information security risk management; fourth, the information security management framework; fifth, information asset management; and sixth, information security technology. The results obtained after taking measurements using the KAMI Index show that improvement is needed in system security, in managing information security risks and in governance

    Information Security Risk Assessment for Banking Sector-A Case study of Pakistani Banks

    The ever increasing trend of Information Technology (IT) in organizations has given them a new horizon in the international market. Organizations now totally depend on IT for better and effective communication and daily operational tasks. Advancements in IT have also exposed organizations to information security threats. Several methods and standards for assessment of information security in an organization are available today. The problem with these methods and standards is that they neither provide quantitative analysis of information security nor assess the potential losses that information malfunctioning could create. This paper highlights the necessity of an information security tool which could provide quantitative risk assessment along with the classification of risk management controls, like management, operational and technical controls, in an organization. It is not possible for organizations to establish information security effectively without knowing the loopholes in their controls. Empirical data for this research was collected from the 5 major banks of Pakistan through two different questionnaires. It is observed that most banks have implemented the technical and operational controls properly, but the real crux, the information security culture in the organization, is still a missing link in information security management

    eIDeCert: a user-centric solution for mobile identification

    The necessity to certify one's identity for different purposes and the evolution of mobile technologies have led to the generation of electronic devices such as smart cards, and electronic identities designed to meet daily needs. Nevertheless, these mechanisms have a problem: they don't allow the user to set the scope of the information presented. That problem introduces interesting security and privacy challenges and requires the development of a new tool that supports user-centrity for the information being handled. This article presents eIDeCert, a tool for the management of electronic identities (eIDs) in a mobile environment with a user-centric approach. Taking advantage of existing eCert technology we will be able to solve a real problem. On the other hand, the application takes us to the boundary of what the technology can cope with: we will assess how close we are to the boundary, and we will present an idea of what the next step should be to enable us to reach the goal

    Solutions and Tools for Secure Communication in Wireless Sensor Networks

    Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs proves to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require the design of ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered from the network design phase onward. This Ph.D. dissertation considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

    Risk based multi-objective security control and congestion management

    The deterministic security criterion has served power system operation and congestion management quite well in the last decades. It is simple to implement in a security control model, for example, security constrained optimal power flow (SCOPF). However, since event likelihood and violation information are not addressed, it does not provide quantitative security understanding, and so results in inadequate system awareness. Therefore, even if computation capability and information techniques have been greatly improved and widely applied in the operation support tool, operators are still not able to get rid of the security threat, especially in the competitive market environment. The probability approach has shown its strong ability for planning purposes, and has recently received attention in the operation area. Since power system security assessment needs to analyze the consequences of all credible events, risk, defined as the multiplication of event probability and severity, is well suited to give an indication that quantifies the system security level, and the congestion level as well. Since risk addresses extra information, its application for making better online operation decisions becomes an attractive research topic. This dissertation focuses on system online risk calculation, risk based multi-objective optimization model development, risk based security control design, and risk based congestion management. A regression model is proposed to predict contingency probability using weather and geography information for online risk calculation. A risk based multi-objective optimization (RBMO) model is presented, considering conflicting objectives: risks and cost. Two types of method, classical methods and evolutionary algorithms, are implemented to solve the RBMO problem, respectively. A risk based decision making architecture for security control is designed based on the Pareto-optimal solution understanding, visualization tool and high level information analysis. Risk based congestion management provides a market lever to uniformly expand a security volume, where greater volume means more risk. Meanwhile, the risk based LMP signal contracts all dimensions of this volume in proper weights (state probabilities) at a time. Two test systems, 6-bus and IEEE RTS 96, are used to test the developed algorithms. The simulation results show that incorporating risk into security control and congestion management will evolve our understanding of security level, improve control and market efficiency, and support operators in maneuvering the system in an effective fashion

    Decision support for choice of security solution: the Aspect-Oriented Risk Driven Development (AORDD) framework

    In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make effective use of available resources and meet end-users' expectations. Balancing these needs while also fulfilling development, project and financial perspectives, such as budget and TTM constraints, means that decision makers have to evaluate alternative security solutions. This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach is called the Aspect-Oriented Risk Driven Development (AORDD) framework, combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-off analysis and trade-off tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trade-off tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-off tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework