Sciweavers

IMCS
2007

Incident response requirements for distributed security information management systems

14 years 16 days ago
Incident response requirements for distributed security information management systems
Purpose – Security information management systems (SIMs) have been providing a unified distributed platform for the efficient management of security information produced by corresponding mechanisms within an organization. However, these systems currently lack the capability of producing and enforcing response policies, mainly due to their limited incident response (IR) functionality. This paper explores the nature of SIMs while proposing a set of requirements that could be satisfied by SIMs for the efficient and effective handling of security incidents. Design/methodology/approach – These requirements are presented in a high-level architectural concept and include policy visualization, system intelligence to enable automated policy management, as well as, data mining elements for inspection, evaluation and enhancements of IR policies. Findings – A primitive mechanism that could guarantee the freshness and accuracy of state information that SIMs provide in order to launch sol...
Sarandis Mitropoulos, Dimitrios Patsos, Christos D
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where IMCS
Authors Sarandis Mitropoulos, Dimitrios Patsos, Christos Douligeris
Comments (0)