Abstract

The authors consider the creation of a Cybersecurity Situation Center (CSC), its tasks and composition, and the main technological tools that an effective CSC should include. Particular attention is paid to the information security incident management system (SIEM), which is the key component of a CSC; its purpose and the main tasks it should solve are considered. The authors analyze the specifics of rationally selecting a SIEM and identify groups of indicators that characterize how well a SIEM meets the requirements placed on it, giving examples of such indicators. To process expert information on the qualitative indicators of a SIEM, the use of fuzzy set theory is proposed. A formal statement of the SIEM selection problem is given, and the main stages of its solution are proposed: preparation of the initial data, choice of a method for solving the multi-criteria problem of rational SIEM selection, and development of an algorithm. Quantitative indicators of a SIEM are processed by normalization, and qualitative indicators by the method of pairwise comparisons based on rank estimates. The use of the 9-point Saaty scale to obtain membership functions for the qualitative characteristics of a SIEM from expert evaluation is considered, and an algorithm for constructing the membership functions of SIEM characteristics for each fuzzy term is developed.
Methods for solving multi-criteria problems are described, and the lexical method is proposed for solving the problem of rational SIEM selection in the course of building a Cybersecurity Situation Center. An algorithm implementing it has been developed, and its effectiveness is demonstrated with an example of its use for the rational selection of a SIEM. Recommendations for the practical use of the results are also given.
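As an added illustration (this is not the paper's code, and the paper's own algorithm for building membership functions per fuzzy term is not reproduced), the following Python sketch shows the three ingredients the abstract names: min-max normalization of quantitative indicators, membership degrees for a qualitative indicator derived from an expert's pairwise comparisons on the 9-point Saaty scale (using the geometric-mean approximation of the priority vector, with Saaty's consistency ratio as a check on the expert input), and a choice over criteria in priority order, assumed here to be the lexicographic approach. The candidate names `SIEM-A`/`SIEM-B`/`SIEM-C`, the indicator values and the expert judgement matrix are constructed sample data, and all function names are the example's own.

```python
# Added example, not the paper's code: rational SIEM selection from
# normalized quantitative indicators, Saaty-scale expert judgements and a
# lexicographic ordering of criteria.  All sample data below is constructed.
import math
from typing import Dict, List, Sequence

# Saaty's random-index values used in the consistency ratio, by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def normalize_quantitative(values: Dict[str, float],
                           higher_is_better: bool = True) -> Dict[str, float]:
    """Min-max normalize one quantitative indicator to [0, 1] across candidates.
    For cost-like indicators (lower is better) the scale is inverted."""
    lo, hi = min(values.values()), max(values.values())
    if hi == lo:                       # all candidates equal: nothing to rank on
        return {name: 1.0 for name in values}
    out = {}
    for name, v in values.items():
        score = (v - lo) / (hi - lo)
        out[name] = score if higher_is_better else 1.0 - score
    return out


def _check_reciprocal(matrix: Sequence[Sequence[float]]) -> None:
    """A Saaty matrix must satisfy a[j][i] == 1 / a[i][j]; reject malformed input."""
    n = len(matrix)
    for i in range(n):
        for j in range(n):
            if not math.isclose(matrix[i][j] * matrix[j][i], 1.0, rel_tol=1e-6):
                raise ValueError(f"matrix is not reciprocal at ({i}, {j})")


def saaty_membership(names: Sequence[str],
                     matrix: Sequence[Sequence[float]]) -> Dict[str, float]:
    """Turn an expert's pairwise-comparison matrix into membership degrees in
    [0, 1]: geometric mean of each row, scaled so the best candidate gets 1.0."""
    _check_reciprocal(matrix)
    n = len(names)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    best = max(gm)
    return {names[i]: gm[i] / best for i in range(n)}


def consistency_ratio(matrix: Sequence[Sequence[float]]) -> float:
    """Saaty consistency ratio CR = CI / RI.  CR above 0.1 means the expert's
    judgements contradict each other and should be revisited before use."""
    _check_reciprocal(matrix)
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    w = [g / total for g in gm]                          # priority vector
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX.get(n, 1.49)
    return ci / ri if ri else 0.0


def lexicographic_select(candidates: Sequence[str],
                         scores: Dict[str, Dict[str, float]],
                         priority: List[str],
                         tolerance: float = 0.0) -> List[str]:
    """Lexicographic method: rank on the most important criterion first, keep
    only candidates within `tolerance` of the best score, and use the next
    criterion only to separate those that remain."""
    remaining = list(candidates)
    for criterion in priority:
        best = max(scores[c][criterion] for c in remaining)
        remaining = [c for c in remaining
                     if scores[c][criterion] >= best - tolerance]
        if len(remaining) == 1:
            break
    return remaining


# ---- constructed sample data (hypothetical products and judgements) ----
CANDIDATES = ["SIEM-A", "SIEM-B", "SIEM-C"]
THROUGHPUT_EPS = {"SIEM-A": 20_000, "SIEM-B": 50_000, "SIEM-C": 35_000}  # higher is better
ANNUAL_COST = {"SIEM-A": 100, "SIEM-B": 250, "SIEM-C": 150}              # lower is better
# Expert's Saaty-scale judgements of "ease of integration": row i compared to column j.
INTEGRATION_MATRIX = [[1.0, 3.0, 5.0],
                      [1 / 3, 1.0, 2.0],
                      [1 / 5, 1 / 2, 1.0]]


def build_scores() -> Dict[str, Dict[str, float]]:
    """Assemble a per-candidate table of criterion -> score, all on [0, 1]."""
    thr = normalize_quantitative(THROUGHPUT_EPS, higher_is_better=True)
    cost = normalize_quantitative(ANNUAL_COST, higher_is_better=False)
    integ = saaty_membership(CANDIDATES, INTEGRATION_MATRIX)
    return {c: {"throughput": thr[c], "integration": integ[c], "cost": cost[c]}
            for c in CANDIDATES}


def select_siem(priority: List[str], tolerance: float = 0.0) -> List[str]:
    """Run the whole pipeline and return the candidate(s) that survive."""
    return lexicographic_select(CANDIDATES, build_scores(), priority, tolerance)


if __name__ == "__main__":
    print("CR of expert matrix:", round(consistency_ratio(INTEGRATION_MATRIX), 4))
    order = ["throughput", "integration", "cost"]
    print("strict lexicographic choice:", select_siem(order))
    print("choice with 0.5 tolerance:  ", select_siem(order, tolerance=0.5))
```

With the sample data, a strict lexicographic pass picks `SIEM-B` on throughput alone, whereas allowing a 0.5 tolerance on each criterion keeps `SIEM-C` in play until cost separates the two; this is the practical trade-off of the lexicographic method, since a strict ordering lets the top criterion decide everything. The consistency-ratio check is the guard a practitioner should run on every expert matrix before trusting the derived memberships.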
