CTI-SOC2M2 – The quest for mature, intelligence-driven security operations and incident response capabilities

Schlette, Daniel; Vielberth, Manfred; Pernul, Günther

doi:10.1016/j.cose.2021.102482

Cited by 16 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other research has aimed to improve SOC effectiveness by addressing critical asset onboarding and identifying challenges (Onwubiko, 2021). Notable systematic literature reviews (Schlette, Vielberth & Pernul, 2021) have generated recommendations for enhancing SOC effectiveness. Additionally, research has extensively explored ways to improve SOC analyst performance (Agyepong et al, 2020).…”

Section: The Security Operations Centrementioning

confidence: 99%

Strengthening Aviation Cybersecurity with Security Operations Centres

Murisa,

Coetzee

2024

iccws

View full text Add to dashboard Cite

Even though cybersecurity is a top priority for the aviation industry, research indicates that there are still many challenges to address. Modern aviation systems encompass cloud computing, OT, IoT, mobile devices, and traditional IT infrastructure. The network complexity has expanded the attack surface, leading to an increase in security incidents. Due to this complexity, detecting security incidents on time is challenging. Research indicates that it may take up to 196 days to detect an incident and another 56 days to address it, highlighting the urgency of improving security response. In this regard, establishing Security Operations Centres (SOCs) in the aviation sector must be addressed. SOCs can be instrumental in reducing the time it takes to detect and respond to security incidents. They provide visibility into threats, aid investigations, and enhance forensic efforts, enabling proactive threat mitigation. Research has been carried out on SOC implementations for specific domains like IoT, mobile devices, and higher education, neglecting aviation systems. Aviation systems such as Air Traffic Management (ATM) face unique security vulnerabilities, including signal modification, jamming, flooding, data and command injection, GPS spoofing, and blocking attacks, primarily due to their reliance on wireless technology. Most of these wireless technologies do not use encryption or authentication because they were designed to maximise performance. Insufficient funding also negatively affects ATM systems, resulting in the wide use of legacy ATM systems and a shortage of skilled personnel. ATM systems are considered critical infrastructure frequently targeted by well-resourced threat actors, including terrorists and nation-state actors, necessitating higher protection levels. This paper motivates the development of a customised SOC implementation framework for ATM systems to enhance aviation security by increasing visibility into threats and facilitating timely remediation.

show abstract

Section: The Security Operations Centrementioning

confidence: 99%

Strengthening Aviation Cybersecurity with Security Operations Centres

Murisa,

Coetzee

2024

iccws

View full text Add to dashboard Cite

show abstract

“…© Springer International Publishing AG 2017. 21 CTI-SOC2M2-The quest for mature, intelligence-dr iven secur ity operations and incident response capabilities [69] This article discusses the importance of cyber threat intelligence (CTI) and its sharing to cope with advanced threats and strongly influence security capabilities.…”

Section: Num Article Cite Brief Descriptionmentioning

confidence: 99%

AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity

et al. 2023

View full text Add to dashboard Cite

In today’s world, private and government organizations are legally obligated to prioritize their information security. They need to provide proof that they are continually improving their cybersecurity compliance. One approach that can help organizations achieve this goal is implementing information security maturity models. These models provide a structured framework for measuring performance and implementing best practices. However, choosing a suitable model can be challenging, requiring cultural, process, and work practice changes. Implementing multiple models can be overwhelming, if possible. This article proposes a prioritization strategy for public institutions that want to improve their information security maturity. We thoroughly analyzed various sources through systematic mapping to identify critical similarities in information security maturity models. Our research led us to create the AIM (Awareness, Infrastructure, and Management) Triad. This triad is a practical guide for organizations to achieve maturity in information security practices.

show abstract

“…Security Operations Centres (SOCs) have had much increase in use and popularity in recent times and have become an active topic of research ( Ahmad et al, 2021;Cho et al, 2020;Schlette et al, 2021;Vielberth et al, 2020 ). A SOC is a centralised unit inside or outside an organisation that helps businesses to defend their network against cyberattacks by monitoring and responding to security incidents ( Achraf Chamkar et al, 2021;Majid and Ariffi, 2019 ).…”

Section: Introductionmentioning

confidence: 99%