Improving the security monitoring process
Βελτίωση της παρακολούθησης της ασφάλειας
Organizations that maintain information systems are constantly facing new security challenges in cyberspace, as individuals, organized groups, criminal organizations and nation sponsored actors, threaten their infrastructures having different motivation and aims. The need for business continuity and compliance to standards and laws, render their monitoring a necessity, to make the organization aware of its security posture and enable it to respond to security incidents. The problem that was investigated with this dissertation is the need for security monitoring in large-scale infrastructures composed of heterogeneous devices geographically dispersed, aiming to increase and optimize the capabilities of organizations. This research focused on the design of infrastructures for the management of the data (log data) that security monitoring relies on, aiming to address all aspects of the topic. Research started with literature review and resulted to the proposal of a methodology for the design of a log management infrastructure, addressing all aspects of the topic from the capture of requirements through out the collection of log data to a central location, and can be used as astep-by-step guide from the designer. It continued researching the need to validate the design of log management infrastructure, verifying that its users can actually perform the tasks that result from the requirements, as well as to ensure the optimal usage of its resources and exploitation of the collected log data. It concluded researching the ability to dynamically design a log management infrastructure able to evolve adopting to changing threat landscape it operates in. The introduction of the field of social network analysis to the design of such infrastructures was an innovation introduced by this research. The application of a this topic, well established in social sciences, proved to be an agile tool for managing the complexity of designing a large-scale infrastructure. The measurements and analysis techniques available in social network analysis were used to justify and document design decisions and enabled the consideration of additional issues affecting the design. The artifacts of this research were demonstrated and evaluated performing case studies that used the infrastructure of the Greek Research and Technology Network (GRNET S.A), though future work could focus on industrial control systems (ICS), the Internet of Things (IoT) and maritime security.