PUKYONG

Incident Detection Model for Quantitative Risk Assessment in a SIEM Environment

Alternative Title
Incident detection model for quantitative risk assessment in SIEM environment
Abstract
As the business environment changes, cybercrime techniques continue to evolve and defense becomes more difficult. SIEM, an emerging technology for coping with advanced cyber attacks, collects and stores logs within the identified scope using big data processing technology and provides a comprehensive defense system for information protection through correlation analysis. Recently, companies have introduced this technology to integrate various security solutions and to carry out information protection activities for the organization based on the collected information, but in operation this is leading to failure or limited use. This raises the question of what to do with the SIEM system.
Risk management is the main duty of the information security function in the enterprise, and ISO 27005 describes it as a detailed risk management procedure. In this paper, we study how to construct a SIEM from the perspective of information security risk management. We describe a method of per-asset risk assessment based on collected logs and show the process of developing SIEM detection rules that apply it.
Author(s)
김민준
Issued Date
2019
Awarded Date
2019. 8
Type
Dissertation
Publisher
Pukyong National University
URI
https://repository.pknu.ac.kr:8443/handle/2021.oak/23495
http://pknu.dcollection.net/common/orgView/200000221099
Alternative Author(s)
Minjun Kim
Affiliation
Graduate School, Pukyong National University
Department
Graduate School, Interdisciplinary Program of Information Security
Advisor
이경현
Table Of Contents
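I. Introduction
1. Research Background
2. Research Content and Organization
Ⅱ. Related Work
1. Research Trends in Information Security Risk Management (ISRM)
2. Research Trends in Security Information and Event Management (SIEM)
3. Research Trends in Threat and Vulnerability Analysis
Ⅲ. Proposed Methodology: ETIR Risk Assessment Model
1. Criteria for Quantitative Risk Assessment
2. The ETIR Model for Risk Assessment
3. ET Stage for Risk Identification
4. TI Stage for Risk Analysis
5. IR Stage for Risk Evaluation
Ⅳ. Evaluation of the Proposed Model
1. Comparison with Similar Models
2. Strengths of the Proposed Model
3. Future Directions for the Proposed Model
Ⅵ. Conclusion
References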
Degree
Master
Appears in Collections:
Graduate School > Interdisciplinary Program of Information Security
Authorize & License
  • Authorize: Public
Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.