Cyber-attacks have always targeted the information communication technology systems of various organizations. Intruders and hackers have within their reach very powerful tools with which they are able to bypass existing network security and deliver a payload that might have a severe impact on the whole organization. It has therefore become essential for organizations to develop mechanisms through which they can detect a possible cyber threat and respond accordingly. By establishing cybersecurity situation awareness, organizations will understand what is happening and be able to respond effectively. The present study evaluated the effectiveness of the Security Incident Event Management (SIEM) system for Cyber Security Situation Awareness. A Hierarchical Network Security Situation Assessment Model (referred to as HNSSAM), which joins Security Incident Event Management (SIEM) system evidence theory fusion rules with a classified quantitative risk assessment method, was applied. Data processing was initially designed to collect security data from various sensors. Mechanisms for data verification were then adopted to establish whether SIEM was effective in successfully detecting any form of cyber-attack. Results show that SIEM tools may be applied by security analysts to gain visibility into the security threats attacking the IT systems of an organization and then respond appropriately.
CITATION STYLE
Fakiha, B. S. (2020). Effectiveness of security incident event management (SIEM) system for cyber security situation awareness. Indian Journal of Forensic Medicine and Toxicology, 14(4), 802–808. https://doi.org/10.37506/ijfmt.v14i4.11587