9,821 research outputs found

    WLCG Security Operations Centres Working Group

    Security monitoring is an area of considerable interest for sites in the Worldwide LHC Computing Grid (WLCG), particularly as we move as a community towards the use of a growing range of computing models and facilities. There is an increasingly large set of tools available for these purposes, many of which work in concert and use concepts drawn from the use of analytics for Big Data. The integration of these tools into what is commonly called a Security Operations Centre (SOC), however, can be a complex task - the open source project Apache Metron (which at the time of writing is in incubator stage and is an evolution of the earlier OpenSOC project) is a popular example of one such integration. At the same time, the necessary scope and rollout of such tools can vary widely for sites of different sizes and topologies. Nevertheless, the use of such platforms could be critical for security in modern Grid and Cloud sites across all scientific disciplines. In parallel, the use and need for threat intelligence sharing is at a key stage and is an important component of a SOC. Grid and Cloud security is a global endeavour - modern threats can affect the entire community, and trust between sites is of utmost importance. Threat intelligence sharing platforms are a vital component to building this trust as well as propagating useful threat data. The MISP software (Malware Information Sharing Platform) is a very popular and flexible tool for this purpose, in use at a wide range of organizations in different domains across the world. In this context we present the work of the WLCG Security Operations Centres Working Group, which was created to coordinate activities in these areas across the WLCG. The mandate of this group includes the development of a scalable SOC reference design applicable for a range of sites by examining current and prospective SOC projects & tools.
In particular we report on the first work on the deployment of MISP and the Bro Intrusion Detection System at a number of WLCG sites as SOC components, including areas of integration between these tools. We also report on our future roadmap and framework, which includes the Apache Metron project.

    UNM Security Operations Task Force Charter

    A charter concerning the UNM Security Operations Task Force

    The Joint Operationalization of Maritime Security Operations

    The great transformation of the world at the end of the XXth century, after the end of the Cold War, witnessing the beginning of dramatic changes in the identities of peoples and in the symbols of these identities, with what some considered to be conflicts of civilizations and a change in the current world order, created the conditions for new threats and risks to appear, provoking enormous challenges in terms of security. No State by itself is able to fight these threats and risks. For this reason, a joint and combined approach and international cooperation are essential to achieve world security.
Portugal, in accordance with the concept of security set out in the Strategic Concept for National Defence of 2003, carries out actions that aim to assure the authority of the State and that fit the definition, to be set out later, of Maritime Security Operations, in a joint, combined and integrated manner between the military authorities and other national and multinational agencies. This Brief Study intends to analyze the different ways in which States, through forms of demonstration of authority (military, civilian and multinational agencies), can deal with the transnational threats present in the maritime environment, with the objective of contributing to the safeguarding of multinational interests and to the effort of globalizing world security.

    Machine Learning to Improve Security Operations Centers

    Since the onset of the internet, the world has embraced this new technology and used it to collectively advance Humanity. Companies have followed the trend from the physical to the digital world, taking with them all their associated value. In order to safeguard this value, security needed to evolve, with enterprises employing departments of highly trained professionals. Nevertheless, the ever increasing amount of information in need of evaluation by these professionals requires the deployment of automation techniques, aiding in data analysis and bulk task processing, to reduce detection time and as such improve mitigation. This work proposes a novel tool designed to help in attack detection and alert aggregation, by leveraging machine learning techniques. The proposed solution is described in full and showcased using real data from an example implementation.

    Creation of a Distributed Security Operations Centre

    V.V. Anischenko. Create a distributed security operations center. PLENARY SESSION

    A Systematic Approach to the Evaluation and Treatment of Marital Problems

    The collaboration of two persons of the opposite sex is a part of the natural sequence of human development and involves the integration of psychodynamic factors and group dynamics. Marriage can be classified into three general types: harmonious, adjusted, and disharmonious. The disharmonious group is classified according to the predominant security operations of the spouse into seven categories. The group dynamics are presented in terms of role functions following Spiegel's (1957) classification of role discrepancies and role resolution, emphasizing the concepts of complementarity and equilibration. The diagnostic evaluation of the personality structure is outlined in terms of the operative level of the self-system and the predominant security operations in relationship to the spouse. The goal of therapy of marital problems is seen as the reestablishment of equilibrium in the marriage. The focus of treatment is on the marital interaction, with the adaptive functions of the ego being utilized to modify the security operations or ego defenses. Personality change is secondary to re-equilibration.

    A Situational Awareness Dashboard for a Security Operations Center

    As a result of this dissertation, a solution was developed which would provide visibility into an institution’s security posture and its exposure to risk. Achieving this required the development of a Situational Awareness Dashboard in a cybersecurity context. This Dashboard provides a unified point of view where workers ranging from analysts to members of the executive board can consult and interact with a visual interface that aggregates a set of strategically picked metrics. These metrics provide insight regarding two main topics, the performance and risk of the organization’s Security Operations Center (SOC). The development of the dashboard was performed while working with the multinational enterprise entitled EY. During this time frame, two dashboards were developed, one for each of two of EY’s clients inserted in the financial sector. Even though the first solution did not enter production, hence not leaving testing, the dashboard that was developed for the second client was successfully delivered, fulfilling the set of objectives that were proposed initially. One of those objectives was enabling the solution to be as autonomous and self-sustained as possible, through its system architecture. Despite having different architectural components, both solutions were based on the same three-layered model. Whereas the first component runs all data ingestion, parsing and transformation operations, the second is in charge of the storage of said information into a database. Finally, the last component, possibly the most important one, is the visualization software tasked with displaying the previous information into actionable intelligence through the power of data visualization.
All in all, the key points listed above converged into the development of a Situational Awareness Dashboard which ultimately allows organizations to have visibility into the SOC’s activities, as well as a perception of the performance and associated risks it faces.

    Military Security Issues (MSIs) and the Challenge of Internal Security Operations (ISOPs) in Nigeria

    The Nigerian state over time has witnessed increasing novel security issues that make the calls for military involvement on existing and emerging non-traditional security issues through Internal Security Operations (ISOPs) inevitable, as these issues continue to metamorphose, revealing their high level belligerencies continually. In view of the aforementioned issues and many others, this paper adopts the empirical qualitative method to underscore Nigeria’s military security issues (MSIs) and the challenge of internal security operations (ISOPs) in establishing a clear understanding of existing military security issues, causes, challenges and implications of military involvement in internal security operations (ISOPs). The overarching theme of our findings would be that Nigeria’s peculiar historical experience and security reality is that which has compelled military involvement in ISOPs and these issues fall within the theoretic spectacle of non-traditional security issues, unlike the developed countries where their military security issues are still within the scope of traditional security issues. Also, the increasing novel security issues are dis-enabling militarism in many third world countries, but the political, economic, socio-cultural, human and environmental cost of not involving the military into ISOPs is disastrous to national security and proper functioning of such countries experiencing hydra-like security issues. This paper concludes that, given the fluid and ever changing nature of contemporary security issues, especially with the increasing intra-state violence and the dwindling of inter-state violence, we will be witnessing continued and increasing military involvement in ISOPs inevitably in many countries, and the need for professionalism in such military involvement cannot be overemphasized. Keywords: Issues, Internal Security, Military Security Issues (MSIs), Internal Security operations (ISOPs), Nigeria