Model-Based security event management

Authors:
Julian Schütte;Roland Rieke;Timo Winkelvos
Affiliations:
Fraunhofer Institution AISEC, Munich, Germany;Fraunhofer Institute SIT, Darmstadt, Germany;Fraunhofer Institute SIT, Darmstadt, Germany
Venue:
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Year:
2012

Citing 3
Cited 1

Event-driven rules for sensing and responding to business situations

Proceedings of the 2007 inaugural international conference on Distributed event-based systems
On a formal framework for security properties

Computer Standards & Interfaces
Integration of a system for critical infrastructure protection with the OSSIM SIEM platform: a dam case study

SAFECOMP'11 Proceedings of the 30th international conference on Computer safety, reliability, and security

Architecting a security strategy measurement and management system

Proceedings of the Workshop on Model-Driven Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the growing size and complexity of current ICT infrastructures, it becomes increasingly challenging to gain an overview of potential security breaches. Security Information and Event Management systems which aim at collecting, aggregating and processing security-relevant information are therefore on the rise. However, the event model of current systems mostly describes network events and their correlation, but is not linked to a comprehensive security model, including system state, security and compliance requirements, countermeasures, and affected assets. In this paper we introduce a comprehensive semantic model for security event management. Besides the description of security incidents, the model further allows to add conditions over the system state, define countermeasures, and link to external security models.