Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was d...


Authors:
Reyes-Mena, Francisco Xavier; Fuertes-Díaz, Walter Marcelo; Guzmán-Jaramillo, Carlos Enrique; Pérez-Estévez, Ernesto; Bernal-Barzallo, Paúl Fernando; Villacís-Silva, César Javier
Resource type:
research
Publication date:
2018
Institution:
Universidad Pedagógica y Tecnológica de Colombia
Repository:
RiUPTC: Repositorio Institucional UPTC
Language:
eng
OAI Identifier:
oai:repositorio.uptc.edu.co:001/14203
Online access:
https://revistas.uptc.edu.co/index.php/ingenieria/article/view/7747
https://repositorio.uptc.edu.co/handle/001/14203
Keywords:
business intelligence
cybersecurity
decision making
early alerts
electronic data processing
ETL
vulnerability analysis
alertas tempranas
análisis de vulnerabilidades
ETL
inteligencia de negocios
procesamiento electrónico de datos
seguridad cibernética
toma de decisiones
Rights
License
http://purl.org/coar/access_right/c_abf289
dc.title.en-US.fl_str_mv Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT
dc.title.es-ES.fl_str_mv Aplicación de Inteligencia de Negocios para el análisis de vulnerabilidades en pro de incrementar el nivel de seguridad en un CSIRT académico
dc.subject.en-US.fl_str_mv business intelligence
cybersecurity
decision making
early alerts
electronic data processing
ETL
vulnerability analysis
dc.subject.es-ES.fl_str_mv alertas tempranas
análisis de vulnerabilidades
ETL
inteligencia de negocios
procesamiento electrónico de datos
seguridad cibernética
toma de decisiones
description This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL relational database. Second, we applied Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process to the non-normalized logs, which were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool and thus generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts and consequently increases the security level of the CSIRT members.
publishDate 2018
dc.date.accessioned.none.fl_str_mv 2024-07-05T19:11:35Z
dc.date.available.none.fl_str_mv 2024-07-05T19:11:35Z
dc.date.none.fl_str_mv 2018-01-15
dc.type.en-US.fl_str_mv research
dc.type.es-ES.fl_str_mv investigación
dc.type.none.fl_str_mv info:eu-repo/semantics/article
dc.type.coar.fl_str_mv http://purl.org/coar/resource_type/c_2df8fbb1
dc.type.coarversion.fl_str_mv http://purl.org/coar/version/c_970fb48d4fbd8a85
dc.type.version.spa.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.coarversion.spa.fl_str_mv http://purl.org/coar/version/c_970fb48d4fbd8a372
dc.identifier.none.fl_str_mv https://revistas.uptc.edu.co/index.php/ingenieria/article/view/7747
10.19053/01211129.v27.n47.2018.7747
dc.identifier.uri.none.fl_str_mv https://repositorio.uptc.edu.co/handle/001/14203
dc.language.none.fl_str_mv eng
dc.language.iso.spa.fl_str_mv eng
dc.relation.none.fl_str_mv https://revistas.uptc.edu.co/index.php/ingenieria/article/view/7747/6137
https://revistas.uptc.edu.co/index.php/ingenieria/article/view/7747/7182
dc.rights.coar.fl_str_mv http://purl.org/coar/access_right/c_abf2
dc.rights.coar.spa.fl_str_mv http://purl.org/coar/access_right/c_abf289
dc.format.none.fl_str_mv application/pdf
application/xml
dc.publisher.en-US.fl_str_mv Universidad Pedagógica y Tecnológica de Colombia
dc.source.en-US.fl_str_mv Revista Facultad de Ingeniería; Vol. 27 No. 47 (2018); 21-29
dc.source.es-ES.fl_str_mv Revista Facultad de Ingeniería; Vol. 27 Núm. 47 (2018); 21-29
dc.source.none.fl_str_mv 2357-5328
0121-1129
institution Universidad Pedagógica y Tecnológica de Colombia
repository.name.fl_str_mv Repositorio Institucional UPTC
repository.mail.fl_str_mv repositorio.uptc@uptc.edu.co
Abstract (Spanish version, translated): This research aimed at designing a decision-making solution through Business Intelligence that allows acquiring data and information from a wide variety of sources and using them in decision-making for the vulnerability analysis of a Computer Security Incident Response Team (CSIRT). This study was developed in an Academic CSIRT that groups several member universities in Ecuador. To carry it out, the Action-Research methodology was applied with a qualitative approach, divided into three phases: First, a comparative evaluation was made of two intrusion analysis tools used by the CSIRT, Passive Vulnerability Scanner and Snort, to verify their strengths and whether they are mutually exclusive or complementary; then the real-time logs of the incidents recorded by these tools were stored in a MySQL relational database. Second, Ralph Kimball's methodology was applied to develop several routines that allow applying the "Extract, Transform and Load" process to the non-normalized logs, which would later be processed by a graphical interface. Third, a software application was built with the Scrum agile methodology to perform intelligent analysis on the logs obtained using the Pentaho BI tool, with the purpose of generating early alerts as a strategic factor. The results show the functionality of this solution, which has generated early alerts and, consequently, has increased the security level of the member universities of the academic CSIRT.
Copyright: Copyright (c) 2018 Francisco Xavier Reyes-Mena, Walter Marcelo Fuertes-Díaz, Carlos Enrique Guzmán-Jaramillo, Ernesto Pérez-Estévez, Paúl Fernando Bernal-Barzallo, César Javier Villacís-Silva
Authors: Reyes-Mena, Francisco Xavier; Fuertes-Díaz, Walter Marcelo; Guzmán-Jaramillo, Carlos Enrique; Pérez-Estévez, Ernesto; Bernal-Barzallo, Paúl Fernando; Villacís-Silva, César Javier
Handle: 001/14203
Last indexed: 2025-07-18 11:53:44.328 (metadata.only)
Repository: https://repositorio.uptc.edu.co (Repositorio Institucional UPTC, repositorio.uptc@uptc.edu.co)