A Mission-Impact-Based Approach to INFOSEC Alarm Correlation
نویسندگان
چکیده
We describe a mission-impact-based approach to the analysis of security alerts produced by spatially distributed heterogeneous information security (INFOSEC) devices, such as firewalls, intrusion detection systems, authentication services, and antivirus software. The intent of this work is to deliver an automated capability to reduce the time and cost of managing multiple INFOSEC devices through a strategy of topology analysis, alert prioritization, and common attribute-based alert aggregation. Our efforts to date have led to the development of a prototype system called the Mission Impact Intrusion Report Correlation System, or MCorrelator. M-Correlator is intended to provide analysts (at all experience levels) a powerful capability to automatically fuse together and isolate those INFOSEC alerts that represent the greatest threat to the health and security of their networks.
منابع مشابه
The Emerald Mission-based Correlation System – an Experimental Data Analysis of Air Force Research Laboratory (afrl) Air Force Enterprise Defense (afed) Information Security (infosec) Alarms
متن کامل
Enforcing Information Security Protection: Risk Propensity and Self-Efficacy Perspectives
Effective information security (InfoSec) management cannot be achieved through only technology; people are the weakest point in security and their behaviors such as inappropriate use of computer and network resources, file sharing habits etc. cannot be controlled by security technologies. Although the importance of individuals’ InfoSec behaviors has been widely recognized, there is limited unde...
متن کاملevelopment and eployment Ex esience of Netwo Correlation Applications
The development and deployment experience of IMPACT, an expert system shell dedicated to the tasks of real-time network alarm correlation, is discussed. IMPACT was developed at GTE Laboratories and since 1991 has been used at GTE to build and field various telecommunications network (both wireline and cellular) event correlation applications. IMPACT incorporates an advanced real-time event corr...
متن کاملConsiderations for Allocating Resources for Information Security
This paper includes a brief survey illustrating the approach to information security (INFOSEC) investment taken by various organizations, as well as guidelines based on Federal Aviation Administration (FAA) management plans to allocate limited funds among proposals for enhancing National Airspace System (NAS) INFOSEC.
متن کاملDesigning a Special Training Protocol Based on the Physiological Demands of the Police Station
Background and Aim: Doing military exercises without considering special physiological demands reduces the training efficiency and the inability to achieve goals, as well as the failure to prepare officers for job duties. Therefore, the purpose of this study was to design a special training protocol based on the physiological demands of the Police Station. Methods: The present study was conduct...
متن کامل