Workflow based security incident management

Authors:
Meletis A. Belsis;Alkis Simitsis;Stefanos Gritzalis
Affiliations:
Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece;Department of Electrical and Computer Engineering, National Technical University of Athens, Athens, Greece;Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece
Venue:
PCI'05 Proceedings of the 10th Panhellenic conference on Advances in Informatics
Year:
2005

Citing 11
Cited 0

World Wide Database—integrating the Web, CORBA and databases

SIGMOD '99 Proceedings of the 1999 ACM SIGMOD international conference on Management of data
AJAX: an extensible data cleaning tool

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Data integration: a theoretical perspective

Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
The Data Warehouse Lifecycle Toolkit: Expert Methods for Designing, Developing and Deploying Data Warehouses with CD Rom

The Data Warehouse Lifecycle Toolkit: Expert Methods for Designing, Developing and Deploying Data Warehouses with CD Rom
Potter's Wheel: An Interactive Data Cleaning System

Proceedings of the 27th International Conference on Very Large Data Bases
Using Java and CORBA for Implementing Internet Databases

ICDE '99 Proceedings of the 15th International Conference on Data Engineering
Personalization of Queries in Database Systems

ICDE '04 Proceedings of the 20th International Conference on Data Engineering
The OSU Flow-tools Package and CISCO NetFlow Logs

LISA '00 Proceedings of the 14th USENIX conference on System administration
Optimizing ETL Processes in Data Warehouses

ICDE '05 Proceedings of the 21st International Conference on Data Engineering
State-Space Optimization of ETL Workflows

IEEE Transactions on Knowledge and Data Engineering
A generic and customizable framework for the design of ETL scenarios

Information Systems - Special issue: The 15th international conference on advanced information systems engineering (CAiSE 2003)

Quantified Score

Hi-index	0.01

Visualization

Abstract

Security incident management is one of the critical areas that offers valuable information to security experts, but still lacks much development. Currently, several security incident database models have been proposed and used. The discrepancies of such databases entail that worldwide incident information is stored in different formats and places and, so, do not provide any means for Computer Security Incident Response Teams (CSIRTs) collaboration. This paper presents an architecture based on advance database techniques, able to collect incident related information from different sources. Our framework enhances the incident management process by allowing the law enforcement units to (a) collect the required evidence from incident data that are spread through a number of different incident management systems; (b) transform, clean, and homogenize them; and, finally, (c) load them to a central database management system. Such architecture can also be beneficial by minimizing the mean time between the appearance of a new incident and its publication to the worldwide community.