Issue No. 01 - January/February (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.153
Idoia Aguirre , the Multidisciplinary Innovation and Technology Center of Navarra (Cemitec)
Sergio Alonso , the Multidisciplinary Innovation and Technology Center of Navarra (Cemitec)
Many preventive security measures purport to protect networks from cyber intrusions. These adopted measures can generate a large amount of information that should be stored and analyzed to enable responses to detected attacks. Security information and event managers (SIEMs) are indispensable for collecting all of a system's security-related information in a central repository. This can then provide trend analysis and lead analysts to adopt appropriate actions. A collaborative work approach lets SIEMs of different trusted domains share alarms and their countermeasures. By sharing alarms and adopted measures in domains with similar profiles, the authors hope to enhance a global view of the security and facilitate decision making for security-domain administrators.
computer-supported cooperative work, decision support, data sharing, security, security information and event managers, SIEM
I. Aguirre and S. Alonso, "Improving the Automation of Security Information Management: A Collaborative Approach," in IEEE Security & Privacy, vol. 10, no. , pp. 55-59, 2012.