CRUSOE: Data Model for Cyber Situation Awareness

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F18%3A00106889" target="_blank" >RIV/00216224:14610/18:00106889 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1145/3230833.3232798" target="_blank" >http://dx.doi.org/10.1145/3230833.3232798</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3230833.3232798" target="_blank" >10.1145/3230833.3232798</a>

Jazyk výsledku

angličtina

Název v původním jazyce

CRUSOE: Data Model for Cyber Situation Awareness

Popis výsledku v původním jazyce

Attaining and keeping cyber situational awareness is crucial for the proper incident response, especially in critical infrastructures. Incident handlers need to process heterogeneous data, such as network topology and organisation's missions and objectives, to effectively mitigate the threats. The development of tools for attaining cyber situational awareness often faces the problem of effectively obtaining, correlating, and storing such heterogeneous data. In this paper, we present CRUSOE, an extensible layered data model for attaining and keeping information on cyber situational awareness. We conducted interviews with incident handlers from several security teams and evaluated existing requirements on cyber situational awareness to formalise the requirements on the proposed data model so that can be used in today's common network settings. The CRUSOE data model keeps track of missions, systems, networks, hosts, threats, detection and response capabilities, and access control in a network of an organisation. It is also designed to be filled primarily with the data that can be obtained in a semi- or fully-automated fashion in today's common network environments.

Název v anglickém jazyce

CRUSOE: Data Model for Cyber Situation Awareness

Popis výsledku anglicky

Attaining and keeping cyber situational awareness is crucial for the proper incident response, especially in critical infrastructures. Incident handlers need to process heterogeneous data, such as network topology and organisation's missions and objectives, to effectively mitigate the threats. The development of tools for attaining cyber situational awareness often faces the problem of effectively obtaining, correlating, and storing such heterogeneous data. In this paper, we present CRUSOE, an extensible layered data model for attaining and keeping information on cyber situational awareness. We conducted interviews with incident handlers from several security teams and evaluated existing requirements on cyber situational awareness to formalise the requirements on the proposed data model so that can be used in today's common network settings. The CRUSOE data model keeps track of missions, systems, networks, hosts, threats, detection and response capabilities, and access control in a network of an organisation. It is also designed to be filled primarily with the data that can be obtained in a semi- or fully-automated fashion in today's common network environments.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/VI20172020070" target="_blank" >VI20172020070: Výzkum nástrojů pro hodnocení kybernetické situace a podporu rozhodování CSIRT týmů při ochraně kritické infrastruktury</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 13th International Conference on Availability, Reliability and Security

ISBN

9781450364485

ISSN

—

e-ISSN

—

Počet stran výsledku

10

Strana od-do

„36:1“-„36:10“

Název nakladatele

ACM

Místo vydání

Hamburg

Místo konání akce

Hamburg

Datum konání akce

27. 8. 2018

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000477981800072