Security and Reliability Requirements for Advanced Security Event Management

This paper addresses security information management in complex application scenarios. Security Information and Event Management (SIEM) systems collect and examine security-related events, with the goal of providing a unified view of the monitored systems' security status. While various SIEMs are in production, there is scope to extend the capability and resilience of these systems. This paper uses the application of SIEM technology in four disparate scenario areas as a catalyst for developing and articulating Security and Reliability requirements for advanced security event management. The scenarios relate to infrastructure management for a large real-time sporting event, a mobile money payment system, a managed services environment and a cyber-physical dam control system. The diversity of the scenarios enables elaboration of a comprehensive set of Security and Reliability requirements which can be used in the development of future SIEM systems.
