Alessandro Palma , Giacomo Acitelli , Andrea Marrella , Silvia Bonomi , Marco Angelini
{"title":"事件管理流程合规性评估系统","authors":"Alessandro Palma , Giacomo Acitelli , Andrea Marrella , Silvia Bonomi , Marco Angelini","doi":"10.1016/j.cose.2024.104070","DOIUrl":null,"url":null,"abstract":"<div><p>The Incident Management (IM) process is one of the core activities for increasing the overall security level of organizations and better responding to cyber attacks. Different security frameworks (such as ITIL and ISO 27035) provide guidelines for designing and properly implementing an effective IM process. Currently, assessing the compliance of the actual process implemented by an organization with such frameworks is a complex task. The assessment is mainly manually performed and requires much effort in the analysis and evaluation. In this paper, we first propose a taxonomy of compliance deviations to classify and prioritize the impacts of non-compliant causes. We combine trace alignment techniques with a new proposed cost model for the analysis of process deviations rather than process traces to prioritize interventions. We put these contributions into use in a system that automatically assesses the IM process compliance with a reference process model (e.g., the one described in the chosen security framework). It supports the auditor with increased awareness of process issues to make more focused decisions and improve the process’s effectiveness. We propose a benchmark validation for the model, and we show the system’s capability through a usage scenario based on a publicly available dataset of a real IM log. The source code of all components, including the code used for benchmarking, is publicly available as open source on GitHub.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003754/pdfft?md5=b3b5304f2a718e77435c1532cd78e1b9&pid=1-s2.0-S0167404824003754-main.pdf","citationCount":"0","resultStr":"{\"title\":\"A compliance assessment system for Incident Management process\",\"authors\":\"Alessandro Palma , Giacomo Acitelli , Andrea Marrella , Silvia Bonomi , Marco Angelini\",\"doi\":\"10.1016/j.cose.2024.104070\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>The Incident Management (IM) process is one of the core activities for increasing the overall security level of organizations and better responding to cyber attacks. Different security frameworks (such as ITIL and ISO 27035) provide guidelines for designing and properly implementing an effective IM process. Currently, assessing the compliance of the actual process implemented by an organization with such frameworks is a complex task. The assessment is mainly manually performed and requires much effort in the analysis and evaluation. In this paper, we first propose a taxonomy of compliance deviations to classify and prioritize the impacts of non-compliant causes. We combine trace alignment techniques with a new proposed cost model for the analysis of process deviations rather than process traces to prioritize interventions. We put these contributions into use in a system that automatically assesses the IM process compliance with a reference process model (e.g., the one described in the chosen security framework). It supports the auditor with increased awareness of process issues to make more focused decisions and improve the process’s effectiveness. We propose a benchmark validation for the model, and we show the system’s capability through a usage scenario based on a publicly available dataset of a real IM log. The source code of all components, including the code used for benchmarking, is publicly available as open source on GitHub.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003754/pdfft?md5=b3b5304f2a718e77435c1532cd78e1b9&pid=1-s2.0-S0167404824003754-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003754\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003754","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
事件管理(IM)流程是提高组织整体安全水平和更好地应对网络攻击的核心活动之一。不同的安全框架(如 ITIL 和 ISO 27035)为设计和正确实施有效的 IM 流程提供了指导。目前,评估组织实施的实际流程是否符合这些框架是一项复杂的任务。评估工作主要由人工完成,需要花费大量精力进行分析和评估。在本文中,我们首先提出了合规偏差分类法,以对不合规原因的影响进行分类和优先排序。我们将跟踪对齐技术与新提出的成本模型相结合,用于分析流程偏差而非流程跟踪,以确定干预措施的优先次序。我们将这些贡献应用到一个系统中,该系统可根据参考流程模型(如所选安全框架中描述的模型)自动评估 IM 流程的合规性。该系统可帮助审计人员提高对流程问题的认识,从而做出更有针对性的决策并提高流程的有效性。我们为该模型提出了一个基准验证,并通过一个基于真实 IM 日志的公开可用数据集的使用场景展示了该系统的能力。所有组件的源代码,包括用于基准测试的代码,都在 GitHub 上以开放源代码的形式公开。
A compliance assessment system for Incident Management process
The Incident Management (IM) process is one of the core activities for increasing the overall security level of organizations and better responding to cyber attacks. Different security frameworks (such as ITIL and ISO 27035) provide guidelines for designing and properly implementing an effective IM process. Currently, assessing the compliance of the actual process implemented by an organization with such frameworks is a complex task. The assessment is mainly manually performed and requires much effort in the analysis and evaluation. In this paper, we first propose a taxonomy of compliance deviations to classify and prioritize the impacts of non-compliant causes. We combine trace alignment techniques with a new proposed cost model for the analysis of process deviations rather than process traces to prioritize interventions. We put these contributions into use in a system that automatically assesses the IM process compliance with a reference process model (e.g., the one described in the chosen security framework). It supports the auditor with increased awareness of process issues to make more focused decisions and improve the process’s effectiveness. We propose a benchmark validation for the model, and we show the system’s capability through a usage scenario based on a publicly available dataset of a real IM log. The source code of all components, including the code used for benchmarking, is publicly available as open source on GitHub.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.