Technique for Knowledge Retention and Retrieval in Security Incident Resolution (Técnica para Retenção e Recuperação de Conhecimento na Resolução de Incidentes de Segurança)

  • Marcelo Colomé UFSM
  • Raul Nunes UFSM
  • Luis Alvaro Silva UFSM

Abstract

This work applies reasoning techniques from computing to the knowledge management of cybersecurity incidents, offering a methodological approach for retaining and reusing the specialist's knowledge in the resolution of new incidents. The information security specialist's knowledge is central to an organization, because the effective resolution of incidents depends on it; yet an organization should not be entirely dependent on its employees. The proposed methodology therefore uses Case-Based Reasoning (CBR) with weighted attributes drawn from the IODEF standard to retain the specialist's knowledge about how each incident was resolved. The resulting case base lets other members of the organization perform similar tasks, reducing the security team's dependency on individual employees. The results show that with this methodology the knowledge is effectively retained in the case base and that new employees benefit from the recommendations built and delivered by the system, improving knowledge retention in organizations.
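The retrieve/reuse/retain cycle the abstract describes, as an added example that is not code from the paper or from the FreeCBR tool it cites: a case is the flat vector of a few IODEF v1 (RFC 5070) attributes (Incident@purpose, Assessment/Impact@type and @severity, System@category, Service@ip_protocol and Port), the specialist's resolution is read from History/HistoryItem, and similarity is a weighted sum of per-attribute matches. The weights, the three resolved cases, the new incident, the `csirt.example` IncidentID name and the duplicate threshold are all assumptions made for this example; the paper's actual weighting and data are not reproduced here.

```python
"""Added example (not the paper's code): a minimal CBR retrieve/reuse/retain cycle
over IODEF-style incident reports using weighted attribute similarity. Cases,
weights and the new incident are constructed; the XML uses a small subset of
IODEF v1 (RFC 5070) elements and is not schema-validated."""
import xml.etree.ElementTree as ET

NS = {"i": "urn:ietf:params:xml:ns:iodef-1.0"}
# Assumed weights per IODEF-derived attribute (sum to 1.0); the paper's own
# weighting is not reproduced here.
WEIGHTS = {
    "impact_type": 0.35,      # Assessment/Impact@type
    "service_port": 0.20,     # EventData/Flow/System/Service/Port
    "severity": 0.15,         # Assessment/Impact@severity (ordinal)
    "purpose": 0.10,          # Incident@purpose
    "system_category": 0.10,  # EventData/Flow/System@category
    "ip_protocol": 0.10,      # Service@ip_protocol
}
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}

def _incident(iid, purpose, itype, sev, cat, proto, port, action=None, text=None):
    """Build one constructed Incident element; History is omitted while unresolved."""
    history = (f'<History><HistoryItem action="{action}"><DateTime>2019-07-24T10:00:00Z</DateTime>'
               f'<Description>{text}</Description></HistoryItem></History>') if action else ""
    return (f'<Incident purpose="{purpose}"><IncidentID name="csirt.example">{iid}</IncidentID>'
            f'<Assessment><Impact type="{itype}" severity="{sev}"/></Assessment>'
            f'<EventData><Flow><System category="{cat}"><Service ip_protocol="{proto}">'
            f'<Port>{port}</Port></Service></System></Flow></EventData>{history}</Incident>')

def _document(*incidents):
    return ('<IODEF-Document version="1.00" xmlns="urn:ietf:params:xml:ns:iodef-1.0">'
            + "".join(incidents) + "</IODEF-Document>")

# Constructed case base: three incidents already resolved by the specialist.
CASE_BASE_XML = _document(
    _incident("case-1", "mitigation", "dos", "high", "target", "6", "80", "rate-limit-host",
              "Rate-limited the source /24 at the border router; enabled SYN cookies on the web tier."),
    _incident("case-2", "mitigation", "info-leak", "medium", "target", "6", "445", "block-port",
              "Blocked TCP/445 at the perimeter; rotated credentials on the exposed file server."),
    _incident("case-3", "reporting", "recon", "low", "source", "6", "22", "contact-source-site",
              "Sent an abuse report to the source ISP; added the source to the SSH fail2ban jail."))
# Constructed new incident filed by a less experienced analyst: no History yet.
NEW_INCIDENT_XML = _document(_incident("new-1", "mitigation", "dos", "medium", "target", "6", "443"))

def _attr(inc, path, name):
    el = inc.find(path, NS)
    return el.get(name) if el is not None else None

def parse_cases(xml_text):
    """Flatten each IODEF Incident into the attribute vector used for similarity."""
    cases = []
    for inc in ET.fromstring(xml_text).findall("i:Incident", NS):
        port = inc.findtext("i:EventData/i:Flow/i:System/i:Service/i:Port", namespaces=NS)
        item = inc.find("i:History/i:HistoryItem", NS)
        cases.append({
            "id": inc.findtext("i:IncidentID", namespaces=NS),
            "purpose": inc.get("purpose"),
            "impact_type": _attr(inc, "i:Assessment/i:Impact", "type"),
            "severity": _attr(inc, "i:Assessment/i:Impact", "severity"),
            "system_category": _attr(inc, "i:EventData/i:Flow/i:System", "category"),
            "ip_protocol": _attr(inc, "i:EventData/i:Flow/i:System/i:Service", "ip_protocol"),
            "service_port": port.strip() if port else None,
            # The specialist's recorded resolution, if any: (HistoryItem@action, Description).
            "solution": None if item is None else
                        (item.get("action"), item.findtext("i:Description", default="", namespaces=NS)),
        })
    return cases

def local_similarity(name, a, b):
    """Per-attribute similarity in [0, 1]. A value missing on either side scores 0:
    a partial report must not be credited for attributes it does not carry."""
    if a is None or b is None:
        return 0.0
    if name == "severity" and a in SEVERITY_ORDER and b in SEVERITY_ORDER:
        return 1.0 - abs(SEVERITY_ORDER[a] - SEVERITY_ORDER[b]) / 2.0  # ordinal: adjacent = half credit
    return 1.0 if a == b else 0.0

def similarity(query, case):
    return sum(w * local_similarity(k, query.get(k), case.get(k)) for k, w in WEIGHTS.items())

def retrieve(query, case_base, k=3):
    """RETRIEVE: the k most similar past cases, best first."""
    return sorted(((similarity(query, c), c) for c in case_base), key=lambda t: t[0], reverse=True)[:k]

def reuse(query, case_base):
    """REUSE: recommend the best matching case's recorded solution to the analyst."""
    ranked = retrieve(query, case_base, k=1)
    if not ranked or ranked[0][1]["solution"] is None:
        return None
    score, best = ranked[0]
    return {"based_on": best["id"], "score": score,
            "action": best["solution"][0], "description": best["solution"][1]}

def retain(case_base, query, solution, duplicate_threshold=0.999):
    """RETAIN: store the confirmed resolution unless an equivalent case already exists."""
    if any(similarity(query, c) >= duplicate_threshold for c in case_base):
        return False
    case_base.append(dict(query, solution=solution))
    return True

if __name__ == "__main__":
    base = parse_cases(CASE_BASE_XML)
    new = parse_cases(NEW_INCIDENT_XML)[0]
    for score, c in retrieve(new, base):
        print(f"{c['id']}: {score:.3f}")
    print(reuse(new, base))
    print("retained:", retain(base, new, ("rate-limit-host", "Applied the same rate limit on TCP/443.")))
```

Two points worth checking in any such system: an attribute absent from a partial report scores zero rather than being ignored, so a thin report ranks lower than a complete one instead of falsely matching, and the retain step refuses near-duplicate cases so the case base does not fill with copies of the same resolution. The recommendation from reuse is only a suggestion; the resolution is retained after the analyst has confirmed it, which is where the retained knowledge actually enters the case base.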

References

Dalkir, K. and Liebowitz, J. (2011). Knowledge Management in Theory and Practice. MIT Press.

Rahimli, A. (2012). Knowledge management and competitive advantage. In Information and Knowledge Management, pp. 37-43.

Hove, C. and Tårnes, M. (2013). Information Security Incident Management: An Empirical Study of Current Practice. Master's thesis, Norwegian University of Science and Technology, Trondheim, Norway.

CERT.br (2019). Estatísticas dos Incidentes Reportados ao CERT.br [Statistics of Incidents Reported to CERT.br]. Available at: https://www.cert.br/stats/incidentes/. Accessed 24 July 2019.

Inayat, Z., Gani, A., Anuar, N. B., Khan, M. K. and Anwar, S. (2016). Intrusion response systems: Foundations, design, and challenges. Journal of Network and Computer Applications, vol. 62, pp. 53-74.

Richter, M. M. and Weber, R. O. (2013). Case-Based Reasoning: A Textbook. Springer.

Takahashi, T., Landfield, K. and Kadobayashi, Y. (2014). An Incident Object Description Exchange Format (IODEF) Extension for Structured Cybersecurity Information. RFC 7203, IETF, April.

Takahashi, T. and Miyamoto, D. (2016). Structured cybersecurity information exchange for streamlining incident response operations. In IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 949-954.

Gascon, H. et al. (2017). Mining attributed graphs for threat intelligence. In Proc. of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY), Arizona, USA, pp. 15-22.

Mansar, S. L., Marir, F. and Reijers, H. A. (2003). Case-based reasoning as a technique for knowledge management in business process redesign. Electronic Journal on Knowledge Management, vol. 1, (2), pp. 113-124.

ISO/IEC 27035 (2016). Information technology - Security techniques - Information security incident management. International Organization for Standardization, Geneva, CH, November.

Metzger, S., Hommel, W. and Reiser, H. (2011). Integrated security incident management - concepts and real-world experiences. In Proc. of the 2011 Sixth International Conference on IT Security Incident Management and IT Forensics (IMF), pp. 107-121.

Line, M. B., Tøndel, I. A. and Jaatun, M. G. (2016). Current practices and challenges in industrial control organizations regarding information security incident management - Does size matter? Information security incident management in large and small industrial control organizations. International Journal of Critical Infrastructure Protection, vol. 12, pp. 12-26.

Rajnovic, D. (2011). Computer Incident Response and Product Security. Cisco Press, Indianapolis, USA.

Anuar, N. B., Papadaki, M., Furnell, S. and Clarke, N. (2010). An investigation and survey of response options for intrusion response systems (IRSs). In Information Security for South Africa (ISSA), pp. 1-8.

Jiang, F., Gu, T., Chang, L. and Xu, Z. (2014). Case Retrieval for Network Security Emergency Response Based on Description Logic. In Int. Conf. on Intelligent Information Processing (IIP), China, pp. 284-293.

Kim, H. K., Im, K. H. and Park, S. (2010). DSS for computer security incident response applying CBR and collaborative response. Expert Systems with Applications, vol. 37, (1), pp. 852-870.

Ping, L., Haifeng, Y. and Guoqing, M. (2010). An incident response decision support system based on CBR and ontology. In Int. Conf. on Computer Application and System Modeling (ICCASM), vol. 11, pp. V11-337-V11-340.

OASIS (2019). Introduction to STIX. Available at: https://oasis-open.github.io/cti-documentation/stix/intro. Accessed 24 July 2019.

FreeCBR (2019). FreeCBR software. Available at: http://freecbr.sourceforge.net/. Accessed 23 July 2019.
Published: 2019-09-02

COLOMÉ, Marcelo; NUNES, Raul; SILVA, Luis Alvaro. Técnica para Retenção e Recuperação de Conhecimento na Resolução de Incidentes de Segurança. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 127-140. DOI: https://doi.org/10.5753/sbseg.2019.13967.