To read this content please select one of the options below:

SIEM‐based framework for security controls automation

Raydel Montesino (University of Informatics Sciences (UCI), La Habana, Cuba)
Stefan Fenz (SBA Research and Vienna University of Technology, Vienna, Austria)
Walter Baluja (Polytechnic University José Antonio Echeverría (ISPJAE), La Habana, Cuba)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 5 October 2012

3846

Abstract

Purpose

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.

Design/methodology/approach

This research reviewed the controls recommended by well known standards such as ISO/IEC 27001 and NIST SP 800‐53; and identified security controls that can be automated by existing hard‐and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM‐based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.

Findings

About 30 per cent of information security controls can be automated and they were grouped in a list of ten automatable security controls. A SIEM‐based framework can be used for centralized and integrated management of the ten automatable security controls.

Practical implications

By implementing the proposed framework and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management, reducing also the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality to their products and provide a maximum of security controls automation within SIEM platforms.

Originality/value

This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what it is normally described in previous works and SIEM solutions.

Keywords

Citation

Montesino, R., Fenz, S. and Baluja, W. (2012), "SIEM‐based framework for security controls automation", Information Management & Computer Security, Vol. 20 No. 4, pp. 248-263. https://doi.org/10.1108/09685221211267639

Publisher

:

Emerald Group Publishing Limited

Copyright © 2012, Emerald Group Publishing Limited

Related articles