Conference: European Intelligence and Security Informatics Conference

A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)


Abstract

In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next-generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs for cross-correlating security events before they are disseminated to the respective organizations. Typical SIEMs in use today calculate security events using generic risk factors that are not necessarily relevant for every organization. The proposed framework can enable security administrators to effectively and efficiently manage security warnings and to establish necessary countermeasures.