Network Security Intelligence Centres for Information Security Incident Management

Abstract

Intensive IT development is driving current information security (IS) trends and require sophisticated structures and adequate approached to manage IS for different businesses. The wide range of threats is constantly growing in modern intranets; they have become not only numerous and diverse but also more disruptive. In such circumstances, organizations realize that IS incidents’ timely detection and prevention in the future (what is more important) are not only possible but imperative. Any delay leaves only reactive actions to IS incidents, putting assets at risk as a result. A properly designed IS incident management system (ISIMS), operating as an integral part of the whole organization’s governance system, reduces IS incidents’ number and limits damage caused by them. To maximally automate IS incident management (ISIM) within one organization and to deepen its knowledge of IS level, this research proposes to unite together all advantages of a Security Intelligence Centre (SIC) and a Network Operations Centre (NOC) with their unique and joint toolkits and techniques in a unified Network SIC (NSIC). This paper presents the research, which is focused upon the designing and evaluating the concept of NSICs, and represents a novel advancement beyond existing concepts of security and network operations centres in current security monitoring scenarios. Key contributions are made in relation to underlying taxonomies of threats and attacks, leading to the requirements for NSICs, the related design, and then evaluation in a practical context and the implications arising from this (e.g. training requirements).