Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, April 29, 2011

Applying Security Analytics in the Space of SOC and Incident Management

Here is another exciting area in the space of Security Analytics.

My colleagues and I have been carrying out a few case studies, jointly with HP customers and HP businesses, in the area of situational awareness, using Security Analytics.

This is an exciting area, well suited to the HP Labs and HP IS Security Analytics methodology and tools, as it involves modelling critical processes and people's behaviours, and dealing with risk assessment issues.

The aim is to provide decision support to strategic decision makers (CISOs, CIOs, risk managers, etc.) and support the definition of related security policies.

Of particular interest and relevance is the application of our modelling & simulation methodology (along with related tools) to the processes involved in Security Operations Centres (SOCs) and related Incident Management & Remediation.

Specifically, we aim to assess the risk exposure of organisations due to their SOC/incident management processes and the performance of those processes (e.g. time wasted handling false positives). A set of metrics has been identified to measure the risks involved, e.g. the time to fully manage an incident (the longer it is, the wider the risk exposure window).

We used our analytics models to explore "what-if" scenarios, e.g. the impact of changing SOC/incident management process steps, introducing automation and/or changing the number of personnel involved.

Interesting trade-offs are currently being explored based on the priorities of decision makers, e.g. cost vs productivity vs security risk.
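The kind of what-if analysis described above can be made concrete with a small discrete-event model of the SOC queue. The block below is an added example written for this post; it is not the HP Labs / HP IS Security Analytics tooling, and the alert stream, handling times and scenario names are constructed. Each alert costs an analyst a triage time and, if it is a real incident, a remediation time; the metric "time to fully manage an incident" (arrival to fully handled) is the risk exposure window, and the share of analyst time spent on false positives is the productivity cost. The scenarios vary the number of analysts, an enrichment automation that shortens triage, and a tuning rule that suppresses alerts before an analyst sees them, which also shows the caveat that an over-aggressive rule can suppress a real incident.

```python
"""Deterministic what-if model of a SOC incident-handling queue (added example, constructed data)."""
from dataclasses import dataclass
import heapq
import statistics


@dataclass(frozen=True)
class Alert:
    arrival: float        # minutes after the start of the observation window
    true_positive: bool   # a real incident that needs remediation, or a false positive
    triage: float         # analyst minutes needed to decide whether the alert is real
    remediate: float      # extra analyst minutes to contain/remediate if it is real
    auto_closable: bool   # a tuning rule would suppress this alert before an analyst sees it


@dataclass(frozen=True)
class Scenario:
    name: str
    analysts: int
    auto_close: bool = False      # deploy the suppression (tuning) rule
    triage_speedup: float = 1.0   # 0.5 = enrichment automation halves triage time


# Constructed alert stream: one hour of alerts, mostly false positives, four real incidents.
# Alert 9 is a real incident that the tuning rule would also suppress (mis-tuning risk).
ALERTS = [
    Alert(0, False, 10, 0, True),
    Alert(5, False, 10, 0, False),
    Alert(10, True, 10, 30, False),
    Alert(15, False, 10, 0, True),
    Alert(20, False, 10, 0, True),
    Alert(25, True, 10, 20, False),
    Alert(30, False, 10, 0, False),
    Alert(40, True, 10, 10, False),
    Alert(50, True, 10, 10, True),
]


def simulate(alerts, scenario):
    """Run the alert stream through a pool of analysts; return the risk/productivity metrics."""
    free_at = [0.0] * scenario.analysts   # min-heap of times at which each analyst is free
    heapq.heapify(free_at)
    exposures, fp_minutes, busy_minutes, horizon = [], 0.0, 0.0, 0.0
    suppressed = missed = 0
    for a in sorted(alerts, key=lambda x: x.arrival):
        if scenario.auto_close and a.auto_closable:
            suppressed += 1
            if a.true_positive:
                missed += 1           # real incident never reaches an analyst
            continue
        service = a.triage * scenario.triage_speedup + (a.remediate if a.true_positive else 0.0)
        start = max(a.arrival, heapq.heappop(free_at))   # wait for the next free analyst
        finish = start + service
        heapq.heappush(free_at, finish)
        horizon = max(horizon, finish)
        busy_minutes += service
        if a.true_positive:
            exposures.append(finish - a.arrival)          # exposure window for this incident
        else:
            fp_minutes += service                         # analyst time spent on noise
    return {
        "scenario": scenario.name,
        "mean_exposure": statistics.mean(exposures) if exposures else 0.0,
        "max_exposure": max(exposures, default=0.0),
        "fp_share": fp_minutes / busy_minutes if busy_minutes else 0.0,
        "utilisation": busy_minutes / (scenario.analysts * horizon) if horizon else 0.0,
        "suppressed": suppressed,
        "missed_incidents": missed,
    }


SCENARIOS = [
    Scenario("baseline", analysts=1),
    Scenario("two analysts", analysts=2),
    Scenario("tuning rule", analysts=1, auto_close=True),
    Scenario("enrichment + tuning rule", analysts=1, auto_close=True, triage_speedup=0.5),
    Scenario("enrichment + 2 analysts", analysts=2, triage_speedup=0.5),
]


def what_if(alerts=ALERTS, scenarios=SCENARIOS):
    """Evaluate every scenario against the same alert stream so the trade-offs are comparable."""
    return [simulate(alerts, s) for s in scenarios]


if __name__ == "__main__":
    print(f"{'scenario':28} {'mean exp':>9} {'max exp':>8} {'fp share':>9} {'util':>6} {'missed':>7}")
    for r in what_if():
        print(f"{r['scenario']:28} {r['mean_exposure']:9.1f} {r['max_exposure']:8.1f} "
              f"{r['fp_share']:9.2f} {r['utilisation']:6.2f} {r['missed_incidents']:7d}")
```

Running it prints one row per scenario. Adding a second analyst more than halves the mean exposure window on this stream without changing the false-positive share; the tuning rule cuts both exposure and wasted time but silently drops one real incident, which is why a suppression rule needs a missed-incident check alongside the exposure metric before it is adopted as policy.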



--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

Identity and Security Analytics: Paper Accepted at IEEE Policy 2011 Symposium

We got a paper accepted at the IEEE Policy 2011 Symposium focusing on the Identity and Security Analytics work we did with a major HP customer:

“Marco Casassa Mont, Richard Brown
Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes”

The abstract of the paper follows:

“This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. We aim at achieving this by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations to assess their risk exposure. It factors in policy implementation at the operational level along with relevant threats, processes, interactions and people behaviors. It provides “what-if” analysis by illustrating the consequences of making policy changes and investments. We introduce our methodology and tools and then illustrate how this approach has been successfully used in a real case study with one of our major customers. This case study focused on the organization’s access management processes and related policies: it helped to inform strategic security policies and support changes of current processes. Additional work is planned in this space.”


--- Posted by Marco Casassa Mont (here and here) ---


EnCoRe General Meeting in Venice and Networking Event for EU Framework 7 Call 8

On April 12th-14th we had an excellent General Meeting of the EnCoRe project, in Venice.

There were good discussions on the third case study, the system framework design and architectural aspects.

In this context, a networking event was held to explore collaboration opportunities for the coming EU FP7 Call 8. It was a very successful meeting with exciting opportunities, in particular in the area of "Cloud Accountability".


--- Posted by Marco Casassa Mont (here and here) ---


EnCoRe Project – 11th Quarter Summary

A summary of the project’s 11th quarter activities is available here.

In this context, the EnCoRe Architecture v.2 has now been fully completed and a related document will be published shortly. This release will feature new capabilities, including Obligation Management, support for Sticky Policies, and improved internal and external workflows for the management of consent and revocation.


--- Posted by Marco Casassa Mont (here and here) ---
