loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Giuseppe Settanni ; Florian Skopik ; Yegor Shovgenya and Roman Fiedler

Affiliation: AIT Austrian Institute of Technology, Austria

ISBN: 978-989-758-167-0

Keyword(s): Cyber Incident Handling, Security Operation Center, Situational Awareness.

Related Ontology Subjects/Areas/Topics: Internet Technology ; Intrusion Detection and Response ; Web Information Systems and Technologies

Abstract: Information and Communication Technology (ICT) systems are predominant in today’s energy, finance, transportation and telecommunications infrastructures. Protecting such Critical Infrastructures (CIs) against modern cyber threats and respond to sophisticated attacks is becoming as complex as essential. A synergistic and coordinated effort between multiple organizations is required in order to tackle this kind of threats. Incidents occurring in interconnected critical infrastructures can be effectively handled only if a cooperation plan between different stakeholders is in place. Organizations need to cooperatively exchange security-relevant information in order to obtain a broader knowledge on the current cyber situation of their infrastructures and timely react if necessary. National cyber Security Operations Centers (SOCs), as proposed by the European NIS directive, are being established worldwide to achieve this goal. Critical infrastructure providers are asked to report to the nat ional SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the affiliated organizations. Although most of these tasks can be automated, human involvement is still necessary to enable SOCs to adequately take decisions on occurring incidents and quickly implement counteractions. In this paper we therefore introduce and evaluate a semi-automated analysis engine for cyber incident handling. The proposed approach, named CAESAIR (Collaborative Analysis Engine for Situational Awareness and Incident Response), aims at supporting SOC operators in collecting significant security-relevant data from various sources, investigating on reported incidents, correlating them and providing a possible interpretation of the security issues affecting concerned infrastructures. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.215.182.36

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Settanni, G.; Skopik, F.; Shovgenya, Y. and Fiedler, R. (2016). A Collaborative Analysis System for Cross-organization Cyber Incident Handling.In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 105-116. DOI: 10.5220/0005688301050116

@conference{icissp16,
author={Giuseppe Settanni. and Florian Skopik. and Yegor Shovgenya. and Roman Fiedler.},
title={A Collaborative Analysis System for Cross-organization Cyber Incident Handling},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={105-116},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005688301050116},
isbn={978-989-758-167-0},
}

TY - CONF

JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Collaborative Analysis System for Cross-organization Cyber Incident Handling
SN - 978-989-758-167-0
AU - Settanni, G.
AU - Skopik, F.
AU - Shovgenya, Y.
AU - Fiedler, R.
PY - 2016
SP - 105
EP - 116
DO - 10.5220/0005688301050116

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.