How to assess measurement capabilities of a security monitoring infrastructure and plan investment through a graph-based approach / Palma, Alessandro; Sorrentino, Andrea; Bonomi, Silvia. - In: EXPERT SYSTEMS WITH APPLICATIONS. - ISSN 0957-4174. - 262:(2024). [10.1016/j.eswa.2024.125623]
How to assess measurement capabilities of a security monitoring infrastructure and plan investment through a graph-based approach
Palma, Alessandro (first author); Bonomi, Silvia
2024
Abstract
Security monitoring is a crucial activity in managing cybersecurity for any organization, as it plays a foundational role in various security processes and systems, such as risk identification and threat detection. To be effective, security monitoring is currently implemented by orchestrating multiple data sources so that corrective actions can be taken promptly. Poor monitoring management can compromise an organization's cybersecurity posture and waste resources. This issue is further exacerbated by the fact that monitoring infrastructures are typically managed with a limited resource budget. This paper addresses the problem of supporting security experts in managing security infrastructures efficiently and effectively by considering the cost-benefit trade-off between the cost of using specific monitoring tools and the benefit of including them in the organization's infrastructure. To this aim, we introduce a graph-based model named Metric Graph Model (MGM) to represent dependencies between security metrics and the monitoring infrastructure. It is used to solve a set of security monitoring problems: (i) Metrics Computability, to assess the measurement capabilities of the monitoring infrastructure; (ii) Instrument Redundancy, to assess the utility of the instruments used for the monitoring; and (iii) Cost-Bounded Constraint, to identify the optimal monitoring infrastructure in terms of cost-benefit trade-off. We prove the NP-hardness of some of these problems, propose heuristics for solving them based on the Metric Graph Model, and provide an experimental evaluation showing that they outperform existing solutions. Finally, we present a usage scenario based on an instance of the Metric Graph Model derived from a state-of-the-art security metric taxonomy currently employed by organizations. It demonstrates how the proposed approach supports an administrator in optimizing the security monitoring infrastructure in terms of saving resources and speeding up the decision-making process.

File | Size | Format
---|---|---
Palma_How-accessess-measurement_2024.pdf (open access; type: publisher's version, published with the publisher's layout; license: Creative Commons) | 2.26 MB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.