Model-based security event management

Schütte, Julian; Rieke, Roland; Winkelvos, Timo

doi:10.1007/978-3-642-33704-8_16

2012

Conference Paper

Abstract

With the growing size and complexity of current ICT infrastructures, it becomes increasingly challenging to gain an overview of potential security breaches. Security Information and Event Management systems which aim at collecting, aggregating and processing security-relevant information are therefore on the rise. However, the event model of current systems mostly describes network events and their correlation, but is not linked to a comprehensive security model, including system state, security and compliance requirements, countermeasures, and affected assets. In this paper we introduce a comprehensive semantic model for security event management. Besides the description of security incidents, the model further allows to add conditions over the system state, define countermeasures, and link to external security models.

Author(s)

Schütte, Julian

Rieke, Roland

Winkelvos, Timo

Mainwork

Computer network security. 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2012

Conference

International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS) 2012

Options

Model-based security event management