The Incident Management Process (IMP) is crucial to prevent, protect against, and respond to security incidents that impact an organization. To ensure readiness for potential alerts, the IMP must comply with security standards, which provide guidelines for managing such incidents, and organizations are expected to adhere to these standards to establish a secure-by-design approach. Evaluating an organization’s compliance with security standards is often labor-intensive, as traditional methods rely heavily on manual analysis. Incorporating automated approaches to aid decision-making presents additional challenges, such as data interpretation and correlation. To address these challenges, we present IMPAVID, a visual analytics solution designed to support the assessment of IMP compliance through process-centric techniques. IMPAVID aims to enhance the security assessor’s awareness, enabling them to make informed decisions about improving the IMP alignment with regulatory and technical standards. To ensure the context-awareness of these techniques, IMPAVID leverages a deviations taxonomy and a cost model to propose a more fine-grained analysis linking together process and technical data while allowing to focus on general root causes for non-compliance. In the literature, cost models often rely on parametric cost functions that provide a valuable solution for fine-grained assessments while introducing additional challenges related to the effort necessary for security assessors to determine suitable parameter configurations. Thus, the IMPAVID system implements additional requirements and a visual environment to support data-driven, assisted, and interactive parameter configuration during IMP compliance assessment. We validate our system by presenting a comprehensive case study based on a publicly available dataset, which includes real IMP log data from an IT company. It shows the system’s capabilities to perform IMP compliance assessment while dynamically configuring the parameters of the proposed compliance cost model, enabling more effective and efficient analysis.
IMPAVID: Enhancing incident management process compliance assessment with visual analytics / Palma, Alessandro; Angelini, Marco. - In: COMPUTERS & GRAPHICS. - ISSN 0097-8493. - 130:(2025), pp. 1-12. [10.1016/j.cag.2025.104243]
IMPAVID: Enhancing incident management process compliance assessment with visual analytics
Alessandro Palma
Primo
;Marco Angelini
2025
Abstract
The Incident Management Process (IMP) is crucial to prevent, protect against, and respond to security incidents that impact an organization. To ensure readiness for potential alerts, the IMP must comply with security standards, which provide guidelines for managing such incidents, and organizations are expected to adhere to these standards to establish a secure-by-design approach. Evaluating an organization’s compliance with security standards is often labor-intensive, as traditional methods rely heavily on manual analysis. Incorporating automated approaches to aid decision-making presents additional challenges, such as data interpretation and correlation. To address these challenges, we present IMPAVID, a visual analytics solution designed to support the assessment of IMP compliance through process-centric techniques. IMPAVID aims to enhance the security assessor’s awareness, enabling them to make informed decisions about improving the IMP alignment with regulatory and technical standards. To ensure the context-awareness of these techniques, IMPAVID leverages a deviations taxonomy and a cost model to propose a more fine-grained analysis linking together process and technical data while allowing to focus on general root causes for non-compliance. In the literature, cost models often rely on parametric cost functions that provide a valuable solution for fine-grained assessments while introducing additional challenges related to the effort necessary for security assessors to determine suitable parameter configurations. Thus, the IMPAVID system implements additional requirements and a visual environment to support data-driven, assisted, and interactive parameter configuration during IMP compliance assessment. We validate our system by presenting a comprehensive case study based on a publicly available dataset, which includes real IMP log data from an IT company. It shows the system’s capabilities to perform IMP compliance assessment while dynamically configuring the parameters of the proposed compliance cost model, enabling more effective and efficient analysis.| File | Dimensione | Formato | |
|---|---|---|---|
|
Palma_IMPAVID_2025.pdf
accesso aperto
Note: https://doi.org/10.1016/j.cag.2025.104243
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Creative commons
Dimensione
3.01 MB
Formato
Adobe PDF
|
3.01 MB | Adobe PDF |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
