Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was d...

Full description

Autores:
Tipo de recurso:
Fecha de publicación:
2018
Institución:
Universidad Pedagógica y Tecnológica de Colombia
Repositorio:
RiUPTC: Repositorio Institucional UPTC
Idioma:
eng
OAI Identifier:
oai:repositorio.uptc.edu.co:001/14203
Acceso en línea:
https://revistas.uptc.edu.co/index.php/ingenieria/article/view/7747
https://repositorio.uptc.edu.co/handle/001/14203
Palabra clave:
business intelligence
cybersecurity
decision making
early alerts
electronic data processing
ETL
vulnerability analysis
alertas tempranas
análisis de vulnerabilidades
ETL
inteligencia de negocios
procesamiento electrónico de datos
seguridad cibernética
toma de decisiones
Rights
License
http://purl.org/coar/access_right/c_abf289
Description
Summary:This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.

Publicaciones similares