• Title/Summary/Keyword: Security Information Event Management

Search Result 95, Processing Time 0.02 seconds

A Empirical Analysis on the Effect of Seasoned Equity Offering on the Stock's Price (SEO공시 전후의 주가변화에 대한 실증분석)

  • Shin, Yeon-Soo
    • Journal of Industrial Convergence
    • /
    • v.1 no.1
    • /
    • pp.127-142
    • /
    • 2003
  • This Study examines the implications for event studies using the daily stock data. The output present the event study results. The event period is defined from 30 days before through 30 days after the event date, and is broken into four "windows" for abnormal return cumulation: the pre-event period, days -30 through -2; dajys -1 and 0, a period commonly investigated for the immediate impact of the event; and the post-event period, days +1 through +30. It shows how firm's information offerings affect the price process and consequent issues. The Patell Z test is an examples of a standardized abnormal return approach, which estimate a separate standard error for each security-event and assumes cross-sectional independence. The generalized sign test adjusts for the fraction of positive abnormal returns in the estimation period instead of assuming 0.5.

  • PDF

Study of Conversions Security Management System, Co-Relation Rule-Set scenario and architecture for incidence detection (융합보안관제환경을 위한 아키텍처 구축 및 활용 방안에 대한 연구)

  • Hwang, Donguk;Lee, Sanghun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.2
    • /
    • pp.353-371
    • /
    • 2014
  • We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.

Agent Based Information Security Framework for Hybrid Cloud Computing

  • Tariq, Muhammad Imran
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.1
    • /
    • pp.406-434
    • /
    • 2019
  • In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

Implementation of Security Information and Event Management for Realtime Anomaly Detection and Visualization (실시간 이상 행위 탐지 및 시각화 작업을 위한 보안 정보 관리 시스템 구현)

  • Kim, Nam Gyun;Park, Sang Seon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.8 no.5
    • /
    • pp.303-314
    • /
    • 2018
  • In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.

Real-Time File Access Event Collection Methodology for Zero Trust Environment (제로 트러스트 환경의 실시간 파일 접근 이벤트 수집 방법에 관한 연구)

  • Han, Sung-Hwa;Lee, Hoo-Ki
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.25 no.10
    • /
    • pp.1391-1396
    • /
    • 2021
  • The boundary-based security system has the advantage of high operational efficiency and easy management of security solutions, and is suitable for denying external security threats. However, since it is operated on the premise of a trusted user, it is not suitable to deny security threats that occur from within. A zero trust access control model was proposed to solve this problem of the boundary-based security system. In the zero trust access control model, the security requirements for real-time security event monitoring must be satisfied. In this study, we propose a monitoring method for the most basic file access among real-time monitoring functions. The proposed monitoring method operates at the kernel level and has the advantage of fundamentally preventing monitoring evasion due to the user's file bypass access. However, this study focuses on the monitoring method, so additional research to extend it to the access control function should be continued.

PRISM: A Preventive and Risk-reducing Integrated Security Management Model using Security Label (PRISM: 보안 레이블을 이용한 위험예방 통합보안관리 모델)

  • Kim, Dong-Soo;Kim, Tae-Kyung;Chung, Tai-Myoung
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.815-824
    • /
    • 2003
  • Many organizations operate security systems and manage them using the intergrated secutity management (ISM) dechnology to secyre their network environment effectively. But current ISM is passive and behaves post-event manner. To reduce cost and resource for managing security and to remove possbility of succeeding in attacks by intruder, the perventive security management technology is required. In this paper, we propose PRISM model that performs preventative security management with evaluating the security level of host or network and the sensitivity level of information asset from potential risks before security incidents occur. The PRISM can give concrete and effective security management in managing the current complex networks.

A Study on Operating the IaaS Cloud Computing in view of Integrated Security Management System (통합보안관리시스템을 고려한 IaaS 클라우드 컴퓨팅 운영에 관한 연구)

  • Choi, Ju-Young;Park, Choon-Sik;Kim, Myuhng-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.141-153
    • /
    • 2012
  • In the recent years, various researches on the use cases of the cloud computing service have been achieved for its standardization. Notwithstanding, we need more additory effort to refine the operating mechanisms on the cloud computing environment. In this paper, we suggest an operating mechanism on IaaS cloud computing environment that is related to the integrated security management system. By using CloudStack 2.2.4 toolkit, we have built a test-bed for IaaS cloud computing service i.e., SWU-IaaS cloud computing environment. Through operating this hierarchical SWU-IaaS cloud computing environment, we have derived the attributes and the methods of its components. Its scenarios can be described in case of both normal state and abnormal state. At the end, a special scenario has been described when it receives a security event from the integrated security management system.

G-Pedigree and G-code System of RFID-based Development for Forward & Reverse Logistics Management (순물류와 역물류 관리에 적합한 RFID 기반의 G-Pedigree 시스템과 G-code 체계 개발)

  • Hwang, Bo-Hyun;Yun, Jong-Ho;Choi, Myung-Ryul
    • Journal of The Institute of Information and Telecommunication Facilities Engineering
    • /
    • v.9 no.3
    • /
    • pp.112-118
    • /
    • 2010
  • This paper propose G-code and G-Pedigree system that are development based on the e-Pedigree and EPC, and RFID solutions for logistics management is proposed. The proposed G-Pedigree system to include the forward logistics and reverse logistics all logistics and management systems are appropriate for the event, with security features, security and accessibility of critical data was strengthened. The proposed G-code systems and the EPC code of the existing RFID readers, tags can be applied to, the more you can manage the logistics-related information.

  • PDF

A Study on Security Event Detection in ESM Using Big Data and Deep Learning

  • Lee, Hye-Min;Lee, Sang-Joon
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.13 no.3
    • /
    • pp.42-49
    • /
    • 2021
  • As cyber attacks become more intelligent, there is difficulty in detecting advanced attacks in various fields such as industry, defense, and medical care. IPS (Intrusion Prevention System), etc., but the need for centralized integrated management of each security system is increasing. In this paper, we collect big data for intrusion detection and build an intrusion detection platform using deep learning and CNN (Convolutional Neural Networks). In this paper, we design an intelligent big data platform that collects data by observing and analyzing user visit logs and linking with big data. We want to collect big data for intrusion detection and build an intrusion detection platform based on CNN model. In this study, we evaluated the performance of the Intrusion Detection System (IDS) using the KDD99 dataset developed by DARPA in 1998, and the actual attack categories were tested with KDD99's DoS, U2R, and R2L using four probing methods.

An Analysis of System Log using Regular Expressions (정규표현식을 이용한 시스템 로그 분석)

  • Kim, Hong-Kyung;Rhee, Kyung-Hyune
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2020.05a
    • /
    • pp.154-156
    • /
    • 2020
  • 보안업무를 수행하는 담당자로서 사이버 피해 여부를 파악하기 위한 가장 중요한 업무 중의 하나는 피해를 입은 시스템과 서비스에서 발생되는 다양한 로그들을 정확하게 분석하는 것이다. 그러나 해당 기관이 보안로그를 전문적으로 분석하는 SIEM(Security Information and Event Management)과 같은 솔루션이 없을 경우 보안업무 담당자가 피해 시스템에서 추출된 로그만 가지고 직접 분석하여 공격여부를 판단하기는 쉽지 않다. 따라서 본 논문에서는 정규표현식을 이용하여 다양한 시스템의 로그를 쉽고 정확하게 분석하는 방법을 제시한다.