Abstract

Cyber-attacks have always targeted the information communication technology systems of various organizations. Intruders and hackers have within their reach very powerful tools through which they are able to bypass the existing network security so as to deliver a payload that might have a severe impact on the whole organization. Therefore, it has become essential for organizations to develop mechanisms through which they can detect a possible cyber threat and then respond accordingly. By establishing cybersecurity situation awareness, organizations will understand what is happening and then respond effectively. The present study evaluated the effectiveness of the Security Incident Event Management (SIEM) system for Cyber Security Situation Awareness. A Hierarchical Network Security Situation Assessment Model (referred to as HNSSAM), which joins Security Incident Event Management (SIEM) system evidence theory fusion rules with a classified quantitative risk assessment method, was applied. Data processing was initially designed so as to collect security data from various sensors. Mechanisms for data verification were then adopted so as to establish whether SIEM was effective in successfully detecting any form of cyber-attack. Results show that SIEM tools may be applied by security analysts to gain visibility into the security threats attacking the IT systems of an organization and then respond appropriately.
