Online from: 1993
Subject Area: Information and Knowledge Management
Options: To add Favourites and Table of Contents Alerts please take a Emerald profile
|Title:||Incident response requirements for distributed security information management systems|
|Author(s):||Sarandis Mitropoulos, (Department of Informatics, University of Piraeus, Piraeus, Greece), Dimitrios Patsos, (Department of Informatics, University of Piraeus, Piraeus, Greece), Christos Douligeris, (Department of Informatics, University of Piraeus, Piraeus, Greece)|
|Citation:||Sarandis Mitropoulos, Dimitrios Patsos, Christos Douligeris, (2007) "Incident response requirements for distributed security information management systems", Information Management & Computer Security, Vol. 15 Iss: 3, pp.226 - 240|
|Keywords:||Data security, Information systems|
|Article type:||Research paper|
|DOI:||10.1108/09685220710759568 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
Purpose – Security information management systems (SIMs) have been providing a unified distributed platform for the efficient management of security information produced by corresponding mechanisms within an organization. However, these systems currently lack the capability of producing and enforcing response policies, mainly due to their limited incident response (IR) functionality. This paper explores the nature of SIMs while proposing a set of requirements that could be satisfied by SIMs for the efficient and effective handling of security incidents.
Design/methodology/approach – These requirements are presented in a high-level architectural concept and include policy visualization, system intelligence to enable automated policy management, as well as, data mining elements for inspection, evaluation and enhancements of IR policies.
Findings – A primitive mechanism that could guarantee the freshness and accuracy of state information that SIMs provide in order to launch solid response alarms and actions for a specific incident or a series of incidents is proposed, along with a role based access control administrative model (ARBAC) based on a corporate model for IR. Basic forensic and trace-back concepts that should be integrated into SIMs in order to provide the rich picture of the IR puzzle are also examined.
Practical implications – The support of policy compliance and validation tools to SIMs is also addressed.
Originality/value – The aforementioned properties could greatly assist in automating the IR capability within an organization.
To purchase this item please login or register.
Complete and print this form to request this document from your librarian