Natalia G. Miloslavskaya, Mark Karapetyans, Vladimir A. Cheverkalov
Study of the applicability of the hierarchy analysis method for choosing a SIEM system
Journal article, Bezopasnost' Informacionnyh Tehnologij, published 2023-09-01
DOI: 10.26583/bit.2023.3.01 (https://doi.org/10.26583/bit.2023.3.01)
Abstract
The paper addresses the problem of choosing a SIEM system for use in the Network Security Center (NSC) of critical information infrastructure (CII) information and telecommunications system (ITCS) entities. The security information and event management (SIEM) system is a central element of any NSC architecture and directly affects the effectiveness of detecting cybersecurity incidents in the CII ITCS. Consequently, the problem of a well-founded choice of a SIEM system for NSC operations is relevant. It is proposed to solve this problem using the Analytic Hierarchy Process (AHP) method, which has proven itself in multi-criteria selection tasks. Drawing on the systemic approach and mathematical apparatus of AHP, it allows for a quantitative assessment of the selection criteria and the considered alternatives, and for choosing the preferred option from a set of possibilities. The aim of the study is to demonstrate the applicability of the AHP method for a well-founded choice of a system. The following tasks were addressed within the study: to describe the stages of the method and to present an algorithm for selecting a SIEM system. The algorithm consists of the following stages: constructing a hierarchy reflecting the goal of the choice and the evaluation criteria of alternatives; determining the weights of the selection criteria and of the alternative systems for each criterion by means of pairwise comparison matrices; and identifying the preferred SIEM system based on the sorting of overall priorities for all. The obtained results have practical significance for various NSCs implementing a SIEM system, including the ITCS of a CII entity.