Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, April 29, 2011

Applying Security Analytics in the Space of SOC and Incident Management

Here is another exciting area in the space of Security Analytics.

Colleagues and I have been carrying out a few case studies, jointly with HP Customers and HP businesses, in the space of situational awareness by using Security Analytics.

This is an exciting area, very suitable for the HP Labs and HP IS Security Analytics methodology and tools, as it involves modelling critical processes and people's behaviours and dealing with risk assessment issues.

The aim is to provide decision support to strategic decision makers (CISOs, CIOs, risk managers, etc.) and support the definition of related security policies.

Of particular interest and relevance is the application of our modelling & simulation methodology (along with related tools) to the processes involved in Security Operations Centres (SOCs) and related Incident Management & Remediation.

Specifically, we aim at assessing the risk exposure of organisations due to their SOC/incident management processes and the associated performance (e.g. time wasted in handling false positives). A series of metrics have been identified to measure the involved risks, e.g. the time to fully manage an incident (the longer it is, the wider the risk exposure window).

We used our analytics models to explore "what-if" scenarios, e.g. the impact of changing SOC/incident management process steps, introducing automation and/or changing the number of involved personnel.

Interesting trade-offs are currently being explored based on the priorities of decision makers, e.g. costs vs productivity vs security risks.
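To make the metrics and what-if scenarios above concrete, here is a small discrete-event simulation of a SOC alert queue. It is an added example written for this post, not the HP Labs/HP IS modelling tools or their models; the arrival rate, false-positive rate, triage and remediation durations and the "automation closes half of the false positives" rule are all constructed assumptions. Alerts arrive at random intervals, analysts take them first-in-first-out, false positives cost only triage time, true incidents cost triage plus remediation, and the reported metrics are the time to fully manage an incident (the risk exposure window), the total exposure window across all incidents, and analyst hours wasted on false positives. Changing the number of analysts, the triage step duration, or switching the automation rule on gives the kind of what-if comparison the post describes.

```python
"""What-if simulation of a SOC incident-handling process (constructed example)."""
import random
from dataclasses import dataclass
from statistics import mean


@dataclass
class Alert:
    arrival: float        # hours since the start of the simulation
    true_positive: bool   # a real incident (True) or a false positive (False)
    auto_closable: bool   # a false positive that an assumed automation rule could close


@dataclass
class Scenario:
    analysts: int                  # number of SOC analysts working the queue
    automation: bool               # auto-close 'auto_closable' false positives before triage
    triage_hours: float = 0.5      # assumed analyst time to triage one alert
    remediation_hours: float = 4.0 # assumed extra time to remediate a true incident


@dataclass
class Metrics:
    mean_time_to_manage: float    # mean hours from arrival to full resolution (true incidents)
    max_time_to_manage: float     # worst-case exposure window for a single incident
    exposure_window_hours: float  # sum of time-to-manage over all true incidents
    wasted_hours: float           # analyst hours spent triaging false positives


def generate_alerts(n, mean_gap_hours, fp_rate, auto_fraction, seed):
    """Build a reproducible alert stream (constructed data, seeded RNG)."""
    rng = random.Random(seed)
    alerts, t = [], 0.0
    for _ in range(n):
        t += rng.expovariate(1.0 / mean_gap_hours)     # Poisson-like arrivals
        tp = rng.random() >= fp_rate
        auto = (not tp) and rng.random() < auto_fraction
        alerts.append(Alert(t, tp, auto))
    return alerts


def simulate(alerts, sc):
    """Run the FIFO analyst queue for one scenario and return its metrics."""
    free_at = [0.0] * sc.analysts        # time at which each analyst is next free
    times, wasted = [], 0.0
    for a in alerts:
        if sc.automation and a.auto_closable:
            continue                      # closed by rule: no analyst time, no exposure
        i = min(range(sc.analysts), key=free_at.__getitem__)  # earliest free analyst
        start = max(a.arrival, free_at[i])                    # queue wait, if any
        if a.true_positive:
            done = start + sc.triage_hours + sc.remediation_hours
            times.append(done - a.arrival)                    # time to fully manage
        else:
            done = start + sc.triage_hours
            wasted += sc.triage_hours
        free_at[i] = done
    if not times:
        return Metrics(0.0, 0.0, 0.0, wasted)
    return Metrics(mean(times), max(times), sum(times), wasted)


def compare(alerts, scenarios):
    """Evaluate several named what-if scenarios over the same alert stream."""
    return {name: simulate(alerts, sc) for name, sc in scenarios.items()}


if __name__ == "__main__":
    # Assumed load: 2 alerts/hour, 80% false positives, half of them rule-closable.
    stream = generate_alerts(n=300, mean_gap_hours=0.5, fp_rate=0.8,
                             auto_fraction=0.5, seed=7)
    results = compare(stream, {
        "baseline (3 analysts)":      Scenario(analysts=3, automation=False),
        "+1 analyst":                 Scenario(analysts=4, automation=False),
        "automation on (3 analysts)": Scenario(analysts=3, automation=True),
        "faster triage (3 analysts)": Scenario(analysts=3, automation=False,
                                               triage_hours=0.25),
    })
    for name, m in results.items():
        print(f"{name:28s} mean TTM {m.mean_time_to_manage:6.2f}h  "
              f"max {m.max_time_to_manage:6.2f}h  exposure {m.exposure_window_hours:8.1f}h  "
              f"wasted {m.wasted_hours:6.1f}h")
```

The queue is first-in-first-out with identical analysts, so adding an analyst or removing work (auto-closed false positives) can never delay any remaining alert; that is why the example's staffing and automation scenarios are guaranteed not to worsen the exposure window, while the trade-off against cost is left to the decision maker.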



--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---
