81 |
Návrh metodiky pro zavedení ISMS / Design of Methodology for Implementation of ISMSDokoupil, Ondřej January 2016 (has links)
This master’s thesis deals with the design of methodology for implementation of ISMS (Information Security Management System). The theoretical part describes the basic principles and procedures for processing of this domain, including normative and legal - legislative aspects. The next section is an analysis of the current state of the organization. On its basis the practical part is drafted, including an economic evaluation of the project and possible benefits of implementation.
|
82 |
Diseño de un Sistema de Gestión de Seguridad de la Información basado en la norma ISO/IEC 27001:2013 para la Municipalidad Distrital de El Agustino / Design of an Information Security Management System based on the ISO/IEC 27001:2013 standard for the District Municipality of El AgustinoMonteza Mera, Lisbet Odelly 26 February 2019 (has links)
Este proyecto describe el diseño del Sistema de Gestión de Seguridad de la Información basado en la norma ISO/IEC 27001:2013 para proteger los activos de información asociados al proceso de recaudación y fiscalización tributaria de la Municipalidad Distrital de El Agustino. Tal como sugiere la norma ISO 27001 se siguió el ciclo de Deming o PDCA y consta de las siguientes etapas: en la primera se realizó el diagnóstico inicial de la entidad con respecto a la norma ISO/IEC 27001:2013; en la segunda se estableció el contexto de la organización, definiendo los procesos, el alcance, la política de seguridad y el comité de seguridad de la información; en la tercera se siguió la metodología de análisis y gestión de riesgo bajo la norma ISO/IEC 31000 donde se identificó, clasificó y valoró los activos de información, se identificaron las amenazas y vulnerabilidades, se realizó el cálculo del impacto y del riesgo para luego realizar el plan de tratamiento de riesgos identificando los controles de la norma ISO/IEC 27002:2013; en la cuarta etapa se elaboró la Declaración de Aplicabilidad y finalmente se elaboró el documento del Manual del SGSI. Dentro de este marco el trabajo nos permitió concluir en la importancia de protección de los activos de información garantizando la confidencialidad, integridad y disponibilidad de estos. / This project describes the design of the Information Security Management System based on ISO / IEC 27001: 2013 to protect the information assets associated with the tax collection and control process of the District Municipality of El Agustino. As the ISO 27001 standard suggests, the Deming or PDCA cycle was followed and consists of the following stages: in the first one the initial diagnosis of the entity was made with respect to the ISO / IEC 27001: 2013 standard; in the second, the context of the organization was established, defining the processes, scope, security policy and information security committee; in the third, the risk analysis and management methodology was followed under the ISO / IEC 31000 standard where information assets were identified, classified and valued, threats and vulnerabilities were identified, impact and risk calculation was performed and then carry out the risk treatment plan identifying the controls of ISO / IEC 27002: 2013; in the fourth stage the Declaration of Applicability was prepared and finally the document of the ISMS Manual was prepared. Within this framework, the work allowed us to conclude on the importance of protection of information assets, guaranteeing their confidentiality, integrity and availability. / Tesis
|
83 |
Diseño de un Sistema de Gestión de Seguridad de Información para la empresa Neointel SAC basado en la norma ISO/IEC 27001:2013 / Design of an Information Security Management System for Neointel SAC based on ISO / IEC 27001: 2013Vásquez Ojeda, Agustín Wilmer 16 April 2020 (has links)
El presente trabajo de tesis tiene como objetivo Diseñar un Sistema de Gestión de Seguridad de Información (SGSI), para mejorar la calidad en el servicio del Call Center de la empresa Neointel SAC.
En este sentido, en presente modelo se detalla la manera más efectiva de como el Call Center va tratar sus riesgos de seguridad información, en base al anexo A de la norma ISO/IEC 27001: 2013, que permita reducir y mitigar los riesgos de los activos de información. Asimismo, se podrá reducir las vulnerabilidades tecnológicas a las que se encuentra expuesta el Call Center.
Por otro lado, el diseño de este trabajo nos permite, clasificar los principales activos de información, así como determinar los principales riesgos de información a los que se encuentran expuestos y como se va a tratar los riesgos de seguridad de información alineados a los objetivos de negocio.
Por último, se define los roles y responsabilidades dentro de la estructura organizacional de un Sistema de Gestión de Seguridad de Información (SGSI) y se propone un plan de tratamiento de riesgos, sobre los activos de información, la misma que ha permitido establecer a la empresa sus propios procedimientos de seguridad, los cuales se podrán apreciar en las políticas que la conforman. / This thesis work aims to Design an Information Security Management System (ISMS), to improve the quality of the service of the Call Center of the company Neointel SAC.
In this sense, this model details the most effective way in which the Call Center will deal with its information security risks, based on Annex A of ISO / IEC 27001: 2013, which allows reducing and mitigating the risks of information assets. Likewise, the technological vulnerabilities to which the Call Center is exposed can be reduced.
On the other hand, the design of this work allows us to classify the main information assets, as well as to determine the main information risks to which they are exposed and how the information security risks aligned with the objectives of deal.
Finally, the roles and responsibilities within the organizational structure of an Information Security Management System (ISMS) are defined and a risk treatment plan on information assets is proposed, which has allowed the establishment of company its own security procedures, which can be seen in the policies that comprise it. / Tesis
|
84 |
<b>Analyzing the Nexus between Cyberaggression and Cybersecurity Insider Threat Dynamics</b>Anirudh Vempati (16897563) 27 April 2024 (has links)
<p dir="ltr">In the modern, internet-connected world, online actions have a big impact. Organizational information system security is a complex issue, with both external attacks and internal vulnerabilities posing serious risks. Although there is ample evidence linking job discontent and stress in the context of insider threat prediction, the stress caused by a perceived lack of social support is mostly unstudied. This research seeks to address this gap by assessing how aggressive behaviors outside the workplace and the absence of offline social support can predict insider threat behaviors within organizations. Given the prevalence of insider threats, a comprehensive investigation into their motivations and actions is imperative. Understanding these dynamics can provide organizations with crucial insights to effectively manage this persistent risk. The widespread nature of insider threats calls for a thorough study into their roots, motives, and behaviors. By comprehensively analyzing these factors, companies can gain valuable insights into insider threats' dynamics and develop effective risk management strategies.</p><p dir="ltr">The study conducted a survey with 206 participants recruited through Amazon Mechanical Turk (MTurk), analyzing data using SPSS. The survey consisted of several questionnaires, including demographic information, insider threat traits, cyberaggressive behaviors, online and offline social support. The correlational analysis revealed significant variables related to insider threat characteristics. The results of the study suggested that Cyberbullying and Deception were significant predictors of Hacking and Identity Theft. Additionally, individuals displaying traits of Unwanted Contact and Online Harassment outside the workplace were more likely to exhibit insider threat behaviors within an organization. Notably, the lack of online social support was not found to be indicative of insider threats. However, the absence of offline social support was associated with an increased probability of individuals engaging in cybercrimes within organizational settings.</p><p dir="ltr">The findings suggest that organizations and information security policymakers should implement strategies to mitigate insider threats effectively. To manage insider threats, organizations should focus on behavioral cues, implement positive interventions and utilize technical monitoring to track online actions of insiders. Understanding the psychological, behavioral, and technical aspects of insider threats is crucial for early detection and prevention. Policymakers at companies should not only focus on traditional background checks related to criminal history but also consider psychological and behavioral factors to prevent insider threats effectively. By integrating these insights into policies and practices, companies can enhance their ability to mitigate potential insider threats effectively.</p><p dir="ltr">The present study augments the existing literature on insider threats and cyber aggression by examining the influence of stressors on employee behavior. Building upon prior research, this investigation delves into the nuanced impact of both offline and online social support systems on stress levels experienced by employees. It explores how the absence of adequate offline and online social support can exacerbate stress levels, consequently increasing the likelihood of insider threats and cyber aggression. In conclusion, the findings of this research contribute significantly to our understanding of the pivotal role of offline social support in mitigating workplace stress. Moreover, it underscores the importance of understanding individual online presence and background verification processes in evaluating potential risks within the workplace.</p>
|
85 |
Assuring Post Processed Telemetry Data Integrity With a Secure Data Auditing ApplianceKalibjian, Jeff, Wierenga, Steven 10 1900 (has links)
ITC/USA 2005 Conference Proceedings / The Forty-First Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2005 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Recent federal legislation (e.g. Sarbanes Oxley, Graham Leach Bliley) has introduced
requirements for compliance including records retention and records integrity. Many industry
sectors (e.g. Energy, under the North American Energy Reliability Council) are also introducing
their own voluntary compliance mandates to avert possible additional federal regulation. A
trusted computer appliance device dedicated to data auditing may soon be required in all
corporate IT infrastructures to accommodate various compliance directives. Such an auditing
device also may have application in telemetry post processing environments, as it maybe used to
guarantee the integrity of post-processed telemetry data.
|
86 |
The governance of significant enterprise mobility security risksBrand, Johanna Catherina 12 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: Enterprise mobility is emerging as a megatrend in the business world. Numerous
risks originate from using mobile devices for business-related tasks and most of
these risks pose a significant security threat to organisations’ information.
Organisations should therefore apply due care during the process of governing the
significant enterprise mobility security risks to ensure an effective process to mitigate
the impact of these risks.
Information technology (IT) governance frameworks, -models and -standards can
provide guidance during this governance process to address enterprise mobility
security risks on a strategic level. Due to the existence of the IT gap these risks are
not effectively governed on an operational level as the IT governance frameworks,
-models and -standards do not provide enough practical guidance to govern these
risks on a technical, operational level.
This study provides organisations with practical, implementable guidance to apply
during the process of governing these risks in order to address enterprise mobility
security risks in an effective manner on both a strategic and an operational level.
The guidance given to organisations by the IT governance frameworks, -models and
-standards can, however, lead to the governance process being inefficient and
costly. This study therefore provides an efficient and cost-effective solution, in the
form of a short list of best practices, for the governance of enterprise mobility
security risks on both a strategic and an operational level. / AFRIKAANSE OPSOMMING: Ondernemingsmobiliteit kom deesdae as ‘n megatendens in die besigheidswêreld te
voorskyn. Talle risiko's ontstaan as gevolg van die gebruik van mobiele toestelle vir
sake-verwante take en meeste van hierdie risiko's hou 'n beduidende
sekuriteitsbedreiging vir organisasies se inligting in. Organisasies moet dus tydens
die risikobestuursproses van wesenlike mobiliteit sekuriteitsrisiko’s die nodige sorg
toepas om ‘n doeltreffende proses te verseker ten einde die impak van hierdie
risiko’s te beperk.
Informasie tegnologie (IT)- risikobestuurraamwerke, -modelle en -standaarde kan op
‘n strategiese vlak leiding gee tydens die risikobestuursproses waarin mobiliteit
sekuriteitsrisiko’s aangespreek word. As gevolg van die IT-gaping wat bestaan, word
hierdie risiko’s nie effektief op ‘n operasionele vlak bestuur nie aangesien die ITrisikobestuurraamwerke,
-modelle en -standaarde nie die nodige praktiese leiding
gee om hierdie risiko’s op ‘n tegniese, operasionele vlak te bestuur nie.
Om te verseker dat organisasies mobiliteit sekuriteitsrisiko’s op ‘n effektiewe manier
op beide ‘n strategiese en operasionele vlak bestuur, verskaf hierdie studie praktiese,
implementeerbare leiding aan organisasies wat tydens die bestuursproses van
hierdie risiko’s toegepas kan word.
Die leiding aan organisasies, soos verskaf in die IT-risikobestuurraamwerke, -
modelle en -standaarde, kan egter tot’n ondoeltreffende en duur
risikobestuursproses lei. Hierdie studie bied dus 'n doeltreffende, koste-effektiewe
oplossing, in die vorm van 'n kort lys van beste praktyke, vir die bestuur van die
mobiliteit sekuriteitsrisiko’s op beide 'n strategiese en 'n operasionele vlak.
|
87 |
A framework for correlation and aggregation of security alerts in communication networks : a reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspectiveAlserhani, Faeiz January 2011 (has links)
The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet, places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weakness points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementation of intrusion detection systems (commercial and open-source) lacks the scalability to support the massive increase in network speed, the emergence of new protocols and services. Multi-giga networks have become a standard installation posing the NIDS to be susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volumes of generated alerts by the NIDS overwhelming the security analyst which makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that temporally ordered. The pre- and post- condition approach is used to identify the logical relations among low level alerts. The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS) consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to implementation of the vulnerability and target host information.
|
88 |
Gestion de la sécurité dans une infrastructure de services dynamique : Une approche par gestion des risques / Security management in a dynamic services' infrastructure : A risk management approachBou Nassar, Pascal 21 December 2012 (has links)
Les changements de contexte économiques imposent de nouvelles stratégies organisationnelles aux entreprises : recentrages métier et développement de stratégies de collaboration interentreprises. Ces tendances du marché laissent prévoir une croissance exponentielle d’écosystèmes de service accessibles à la fois aux clients finaux et aux partenaires. Tout laisse prévoir que ces écosystèmes s’appuieront largement sur les architectures orientées services permettant de construire des systèmes d’information capable d’avoir l’agilité requise et de supporter l’interconnexion des processus métier collaboratifs en composant dynamiquement les processus à partir de services distribués. Ce type d’architecture qui permet d’assurer l’alignement du système d’information sur les besoins métier de l’entreprise, rend indispensable la prise en compte des contraintes de sécurité tant au niveau individuel des services qu’au niveau de la composition. Dans un environnement de services distribués et dynamiques, la sécurité ne doit pas se limiter à fournir des solutions technologiques mais à trouver une stratégie de sécurité prenant en compte les dimensions métier, organisationnelle et technologique. En outre, la sécurité doit être appréhendée comme un processus continu qui vise l’optimisation des investissements de sécurité et assure la pérennité des mesures de sécurité mises en œuvre. Or les modèles et architectures de référence du domaine des services ont sous-estimé la définition des besoins en termes de sécurité, les biens à protéger et l’identification des risques pesant sur ces biens. Pour cela, nous proposons d’aborder la problématique de la sécurité par une approche de gestion des risques permettant d’identifier les différents types de risques et de proposer les mesures de sécurité les plus adéquates au contexte. Toutefois, la gestion des risques s’avère un vrai défi dans un environnement ouvert de services collaboratifs. En effet, les méthodes de gestion des risques développées dans le cadre des systèmes d’information ne répondent pas aux exigences de sécurité dans un environnement ouvert et ne sont pas adaptées aux environnements dynamiques. Pour pallier ces limites, nous proposons un cadre méthodologique de gestion de la sécurité portant sur les phases préparation, conception, exécution et supervision du cycle de vie des services. Nous proposons un modèle de services sécurisés permettant de définir des patrons de sécurité, un modèle de classification des biens à protéger et une ontologie pour définir les concepts associés à ces biens. En outre, nous développons une méthodologie de conception d’une architecture orientée services sécurisée puis abordons la construction de processus métier sécurisés avant de proposer un service de gestion des vulnérabilités de l’infrastructure. / Changes in economic environment impose new organizational strategies to companies: refocusing business and creating collaboration strategies. These trends point to an exponential growth of service ecosystems accessible to both end users and partners. All foreshadows that these ecosystems rely heavily on service-oriented architectures that can build information systems having the required agility and supporting the interconnection of collaborative business processes by composing processes dynamically from distributed services. This type of architecture that ensures business and information systems alignment, makes it essential to take into account security constraints at the services’ and the composition’s levels. In a distributed and dynamic services’ environment, security should not be limited to providing technological solutions but to find a security strategy taking into account the business, organizational and technological dimensions. Besides, the security must be considered as an ongoing process that aims to optimize security investments and ensures the sustainability of implemented security measures. However, the models and reference architectures in the services’ domain have underestimated the definition of security requirements, assets to protect and the identification of risks to those assets. Therefore, we propose to address the security management issues by a risk management approach to identify the different types of risks and propose the most appropriate security measures to the context. Nevertheless, risk management is a real challenge in an open collaborative services’ environment. The methods of risk management developed in the context of information systems do not meet the security requirements in an open environment and are not suitable for dynamic environments. To overcome these limitations, we propose a methodological framework for security management covering the phases: preparation, design, execution and supervision of the services’ lifecycle. We propose a model of secure services to identify security patterns, an assets’ classification model and an ontology defining the concepts associated with those assets. Moreover, we develop a methodology for designing secure service oriented architectures, we address the development of secure business processes then we propose a security service for managing and supervising the infrastructure components’ vulnerabilities.
|
89 |
Análise do uso de novas tecnologias na troca e armazenamento de informações de saúde e o segredo profissional / Analysis of the use of new technologies in the exchange and storage of health information and in relation to the professional secrecyJacob, Carlos Henrique 26 February 2010 (has links)
O caráter privativo das informações de saúde, reconhecido e valorizado desde a antigüidade clássica, hoje é considerado como um dos fatores indispensáveis à manutenção da sociedade, das garantias constitucionais de liberdade e também, em última instância, à própria democracia. Essa importância é demonstrada pela existência do segredo profissional, que, para as profissões da área da saúde (como medicina, odontologia, psicologia, nutrição etc.) de um modo positivo, coloca aos profissionais a necessidade de se guardar segredo a respeito de todas as informações sobre as quais adquire-se conhecimento no exercício de suas profissões. No Brasil, a questão da manutenção do segredo profissional das profissões de saúde adquire um caráter dramático quando se leva em consideração a implementação da Troca de Informações em Saúde Suplementar por parte da Agência Nacional de Saúde Suplementar, autarquia especial que regula o setor de saúde suplementar. Pretendendo facilitar a troca de informações entre prestadores de serviços e operadoras, e também permitir e homogeneizar a obtenção de informação para o estabelecimento de políticas públicas, a Troca de Informações em Saúde Suplementar já é realizada desde 2008, envolvendo todas as informações de saúde de mais de 52 milhões de beneficiários. A utilização de tecnologias de troca de informação e a criação de bancos de dados, associados a um histórico de vazamento de dados sensíveis, criam dúvidas sobre a manutenção do segredo profissional e o caráter privado das informações de saúde. Neste trabalho, foi analisada a legislação estruturante da Troca de Informações em Saúde Suplementar no que diz respeito aos requisitos de segurança para a troca e armazenamento de informação sensível com o intuito de verificar se essa legislação supre, de modo eficaz, a exigência de proteção à manutenção do caráter privativo das informações de saúde que existe nos Códigos de Ética Profissionais e no Código Civil Brasileiro. Apesar das exigências para a segurança das informações ser, hoje, adequada à manutenção do segredo profissional enquanto essas informações são trocadas ou encontram-se armazenadas nas operadoras de planos de saúde, a norma se fia nos requisitos estabelecidos por um órgão privado cujas prioridades, naturalmente, podem, no futuro, não estar vinculadas exclusivamente ao maior bem social. Ademais, não se observa na legislação uma atenção ou recomendações dedicadas ao profissional em consultório isolado e que armazena os dados de seus pacientes em computadores pessoais previamente ao envio via internet. Além disso, em consultas realizadas à ANS em agosto e setembro de 2009 a respeito dos dados transmitidos pelas operadoras à Agência para o cumprimento do disposto nos artigos 20 e 32 da lei 9656/98, não se obteve resposta a respeito de quais dados são repassados pelas operadoras à ANS, nem sobre quais os padrões de segurança a que estes dados estão submetidos, nem, tampouco, sobre quais os indivíduos que têm acesso a estes dados, indicando falta da necessária transparência que é essencial a uma autarquia regulatória de um setor de interesse social. Estes fatos indicam claramente que a manutenção do segredo profissional está em risco nas atuais condições. / Health information is valued and recognized as sensible and private since ancient times. It is also considered one of the most important factors in maintaining and supporting the fabric of society, the constitutional guarantee of liberty and also, democracy itself. Health professionals have the duty to keep all their patients information private. In Brazil, this acquires a dramatic character when one considers the recently implemented Information Exchange in Suplementary Health (TISS) by the Agência Nacional de Saúde Suplementar, governments regulating bureau for the suplementary health sector. Intending to facilitate the information exchange between service providers and health operators, and also to standardize the process of obtaining and providing information for policy makers, the Information Exchange has been in use since 2008 and involves identifiable health information of more than 52 million users. Technologies to allow health information exchange and the creation of data banks associated with sensible information data leaks raise doubts over the ability to keep health information safe from prying eyes. In this study, the structural legislation of the Information Exchange in Suplementary Health was analysed regarding the safety requirements proposed for the health information exchange and storage, to verify if it addresses the demand that exists in professional codes of ethics and also in Brazils Código Civil to protect the privacy of health information. Although - by todays standards - the requirements for information security are deemed adequate for the safekeeping and in addressing the need for privacy and security while the information is exchanged or stored by the health plans operators, theres no dedicated attention to recomendations for the professionals on their small practice offices, who hold their patients information on their personal computers. Also, the law establishes that a private agency is responsible for dictating the requirements that keep the information safe, a measure that is not entirely risk-safe as the interests of the private sector may shift with the market, leaving the social needs/interests behind. Besides these facts, when consulting the Agência Nacional de Saúde Suplementar in august and september 2009 regarding what kind of data is transmitted by the Health Plans operators and what kind of security measures are undertaken to protect this data, no answer was obtained, indicating a lack of transparency that is apalling in a regulatory bureau that serves the society. These facts clearly indicate that the maintenance of professional secrecy and patient privacy is threatened in current conditions. Keywords: computer systems security management, professional secrecy, information accountability, Agência Nacional de Saúde Suplementar (Brazil)
|
90 |
Sobre a estruturação de informação em sistemas de segurança computacional: o uso de ontologias / On the structuring of information in computing security systems: the use of ontologiesMartimiano, Luciana Andréia Fondazzi 18 September 2006 (has links)
Como a quantidade e a complexidade de informações disponíveis sobre incidentes de segurança é crescente, as tarefas de manipular e gerenciar essas informações tornaram-se bastante custosas. Diversas ferramentas de gerenciamento de segurança estão disponíveis para auxiliar os administradores. Essas ferramentas podem monitorar tudo que entra e saí de uma intranet, como os firewalls; podem monitorar o tráfego interno da rede para saber o que está acontecendo e detectar possíveis ataques, como os sistemas de detecção de intrusão (SDIs); podem varrer arquivos em busca de códigos maliciosos, como os antivírus; podem criar filtros de emails para evitar spams, vírus ou worms; ou podem varrer uma rede em busca de vulnerabilidades nos sistemas, como os scanners e os agentes móveis inteligentes. Essas ferramentas geram uma grande quantidade de logs com informações que são coletadas e armazenadas em formatos próprios e diferentes. Essa falta de um formato único para armazenar as informações de incidentes de segurança, faz com que o trabalho dos administradores fique ainda mais difí?cil, pois eles/elas devem ser capazes de entender todos esses formatos para identificar e correlacionar informações quando, por exemplo, há um ataque ou uma invasãoo em andamento. Esta tese descreve o projeto e o desenvolvimento de ontologias para representar em uma estrutura padronizada informações sobre incidentes de segurança. A ontologia desenvolvida é denominada OntoSec - Security Incident Ontology. Este trabalho cobre: (i) como utilizar ontologias para compartilhar e reusar informações sobre incidentes; (ii) como correlacionar incidentes por meio de ontologias; (iii) como facilitar a interoperabilidade entre diferentes ferramentas de segurança; (iv) a modelagem de um sistema de gerenciamento de incidentes com base na ontologia; e (v) o processo de avaliação da ontologia desenvolvida. Além disso, a OntoSec pretende apoiar as decisões gerenciais realizadas pelos administradores quando problemas de segurança acontecem, possibilitando que essas decisões sejam tomadas de maneira mais eficiente e eficaz / As the amount and the complexity of security incidents information have grown exponentially, managing and manipulating these information have become more expensive. Several security tools can be used to assist the administrators in performing these tasks. These tools can monitor what comes from Internet and goes to it, as the firewalls do; they can monitor the intranet traffic, as usually is done by an Intrusion Detection System (IDS); they can search for malicious codes in files or emails, as made by the antivirus; they can create filters to process spams, viruses or worms; or they can scan the intranet for vulnerabilities, as the scanners and the intelligent agents. These tools collect and store a great amount of information, using different formats. This lack of unique commonly agreed formats to store information about security incidents, make the administrators? job even harder, because they have to be able to understand all these formats to identify and to correlate information when, for instance, there is an attack or an invasion in progress. In this thesis I describe the design and development of ontologies to represent in a standard structure information about security incidents. The ontology developed is named OntoSec - Security Incident Ontology. This work covers: (i) how to use ontologies to share and reuse information about incidents; (ii) how to make it easier to correlate incidents; (iii) how to make it possible the interoperability amongs security tools; (iv) modeling of a security incident management system based on OntoSec; and (v) evaluation process of the ontology that has been developed. Besides that, the OntoSec aims to support the decisions made by the administrators when security problems happen, making the process more efficient and effective
|
Page generated in 0.1279 seconds