Conception d’un tableau de bord stratégique en sécurité de l’information pour le soutien de la conscience de la situation

Le responsable de la sécurité des systèmes d’information (CISO) a pour objectif de s’assurer que le conseil d'administration et les hauts dirigeants ont une bonne compréhension de la situation actuelle de l'organisation en matière de sécurité de l'information, puis d’agir de conseiller stratégique pour les décisions qui ont un impact sur la sécurité de l’information. Pour atteindre ces objectifs, le CISO doit avoir accès à de l’information fiable et complète, au moment opportun. Comme la reddition stratégique d’une telle quantité d’information est un processus complexe, elle nécessite l’utilisation d’outils comme le tableau de bord de gestion, défini comme étant un résumé en une page de l’information critique qui permet à l’utilisateur d'atteindre ses objectifs. Cet article propose une méthode de conception de tableau de bord stratégique en sécurité de l’information pour le soutien de la conscience de la situation, qui permet à une partie prenante stratégique en sécurité de l’information d’avoir une bonne compréhension de son environnement. Ensuite, l’article offre un aperçu de la valeur de cette méthode en présentant une maquette de tableau de bord, conçue pour le CISO d'une institution financière canadienne et son équipe. Il documente aussi les défis rencontrés lors du processus de conception.Abstract: The Chief Information Security Officer (CISO) is the senior-level executive who ensures that the board and the executives have a good understanding of the current information security posture of the organization. To fulfill this objective, the CISO needs to have access to reliable, complete and relevant information in a timely manner to allow them to communicate effectively and to take the best decisions. Widely viewed as a great enabler of good performance management, the dashboard is a one-pager summary of the information that allows users to meet their objectives. This paper describes a method that makes it possible to consistently design dashboards that support situation awareness, giving users a good understanding of their environment in order for them to reach their goals. It then creates an example of such a dashboard that targets information security strategic stakeholders such as the CISO in the context of a Canadian financial institution, giving insights into the challenges faced in the design process

Visualization of security events using an efficient correlation technique

The timely and reliable data transfer required by many networked applications necessitates the development of comprehensive security solutions to monitor and protect against an increasing number of malicious attacks. However, providing complete cyber space situation awareness is extremely challenging because of the lack of effective translation mechanisms from low-level situation information to high-level human cognition for decision making and action support. We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect timeseries situation information, perform intrusion detection, keep track of event evolution, characterize and identify security events, and present a visual representation in order to provide comprehensive situational view so that corresponding defense actions can be taken in a timely and effective manner. We explore the principles of designing and applying appropriate visualization techniques for situation monitoring by defining graphical representations of security events. This differs from the traditional rule-based pattern matching techniques in that security events in the proposed system are represented as forms of correlation networks using random matrix theory and identified through the computation of network similarity measurement. The events and corresponding event types are visualized using a stemplot to show location and quantity. Extensive simulation results on event identification illustrate the efficacy of the proposed system. © 2009 IEEE

Cognitive Foundations for Visual Analytics

In this report, we provide an overview of scientific/technical literature on information visualization and VA. Topics discussed include an update and overview of the extensive literature search conducted for this study, the nature and purpose of the field, major research thrusts, and scientific foundations. We review methodologies for evaluating and measuring the impact of VA technologies as well as taxonomies that have been proposed for various purposes to support the VA community. A cognitive science perspective underlies each of these discussions