A Collaborative Analysis System for Cross-organization Cyber Incident Handling

Giuseppe Settanni, Florian Skopik, Yegor Shovgenya, Roman Fiedler

2016

Abstract

Information and Communication Technology (ICT) systems are predominant in today's energy, finance, transportation and telecommunications infrastructures. Protecting such Critical Infrastructures (CIs) against modern cyber threats and responding to sophisticated attacks is becoming as complex as it is essential. A synergistic and coordinated effort between multiple organizations is required in order to tackle threats of this kind. Incidents occurring in interconnected critical infrastructures can be effectively handled only if a cooperation plan between the different stakeholders is in place. Organizations need to cooperatively exchange security-relevant information in order to obtain broader knowledge of the current cyber situation of their infrastructures and to react in a timely manner if necessary. National cyber Security Operations Centers (SOCs), as proposed by the European NIS directive, are being established worldwide to achieve this goal. Critical infrastructure providers are asked to report to the national SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the affiliated organizations. Although most of these tasks can be automated, human involvement is still necessary to enable SOCs to take adequate decisions on occurring incidents and quickly implement counteractions. In this paper we therefore introduce and evaluate a semi-automated analysis engine for cyber incident handling. The proposed approach, named CAESAIR (Collaborative Analysis Engine for Situational Awareness and Incident Response), aims at supporting SOC operators in collecting significant security-relevant data from various sources, investigating reported incidents, correlating them and providing a possible interpretation of the security issues affecting the concerned infrastructures.



Paper Citation


in Harvard Style

Settanni G., Skopik F., Shovgenya Y. and Fiedler R. (2016). A Collaborative Analysis System for Cross-organization Cyber Incident Handling. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 105-116. DOI: 10.5220/0005688301050116

in Bibtex Style

@conference{icissp16,
author={Giuseppe Settanni and Florian Skopik and Yegor Shovgenya and Roman Fiedler},
title={A Collaborative Analysis System for Cross-organization Cyber Incident Handling},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={105-116},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005688301050116},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Collaborative Analysis System for Cross-organization Cyber Incident Handling
SN - 978-989-758-167-0
AU - Settanni G.
AU - Skopik F.
AU - Shovgenya Y.
AU - Fiedler R.
PY - 2016
SP - 105
EP - 116
DO - 10.5220/0005688301050116