Bridging Knowledge Gaps in Security Analytics

Fabian Böhm, Manfred Vielberth, Günther Pernul

Abstract

In a cyber-physical world, the number of links between corporate assets is growing and infrastructures are becoming more complex. This and related developments significantly enlarge the attack surface of organizations. Additionally, more and more attacks do not exploit technical vulnerabilities directly but gain a foothold through phishing or social engineering. Since traditional security systems prove to be no longer sufficient to detect incidents effectively, humans and their specialized knowledge are becoming a critical security factor. Therefore, it is vital to maintain an overview of the cybersecurity knowledge spread across the entire company. However, there is no uniform understanding of knowledge in the field of security analytics. We aim to close this gap by formalizing knowledge and defining a conceptual knowledge model in the context of security analytics. This allows existing research to be better classified and shows that individual areas offer much potential for future research. In particular, the collaboration between domain experts but also between machines and employees could enable the exploitation of previously unused but crucial knowledge. For example, this knowledge is of great value for defining security rules in current security analytics systems. We introduce a proof of concept implementation using visual programming to showcase how even security novices can easily contribute their knowledge to security analytics.

Download


Paper Citation


in Harvard Style

Böhm F., Vielberth M. and Pernul G. (2021). Bridging Knowledge Gaps in Security Analytics.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 98-108. DOI: 10.5220/0010225400980108


in Bibtex Style

@conference{icissp21,
author={Fabian Böhm and Manfred Vielberth and Günther Pernul},
title={Bridging Knowledge Gaps in Security Analytics},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={98-108},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010225400980108},
isbn={978-989-758-491-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Bridging Knowledge Gaps in Security Analytics
SN - 978-989-758-491-6
AU - Böhm F.
AU - Vielberth M.
AU - Pernul G.
PY - 2021
SP - 98
EP - 108
DO - 10.5220/0010225400980108