An Event Management Framework to Aid Solution Providers in Cybersecurity Open Access
Cybersecurity event management is critical to the successful accomplishment of an organization's mission. To put it in perspective, in 2016 Symantec tracked over 700 global adversaries and recorded events from 98 million sensors (Aimoto et al., 2017). Studies show that in 2015, more than 55% of the cyberattacks on government operation centers were attributable to negligence and a lack of skilled personnel to perform network security duties, including the failure to properly identify events (Ponemon, 2015a). Practitioners are charged with acting as first responders to any event that affects the network, and inconsistencies and errors at this level can determine the outcome of an event. At a time when 91% of Americans believe they have lost control over how their information is collected and secured, there is nothing more dangerous than assuming that new technology is not vulnerable to attack (Rainie, 2016). Attackers target organizations with weak security postures: those that are unprepared, distracted, or lacking the fundamental elements needed to identify significant events and secure the environment. To address these concerns, the National Institute of Standards and Technology (NIST), acting under executive order, and the International Organization for Standardization (ISO) developed cybersecurity frameworks that have been widely accepted as industry standards. These standards focus on business drivers to guide cybersecurity activities and risk management within critical infrastructure. They outline a set of cybersecurity activities, references, and outcomes that an organization can use to align its cybersecurity activities with business requirements at a high level. This praxis explores the solution provider's role in securing environments and the methods by which solution providers do so through their event management practices.

Solution providers are a critical piece of proper event management. They are often contracted to provide solutions that adhere to a NIST-type framework with little to no guidance, and while supporting documents and guides for event management exist, nothing as substantive as the Cybersecurity Framework or ISO 27001 has been adopted for it. Using existing processes and protocols, this praxis proposes an event management framework that can be used to manage events properly and to aid solution providers in their cybersecurity mission. Knowledge of event management was captured through subject matter expertise and supported through literature review and investigation. Statistical methods were used to identify deficiencies in cyber operations worth addressing in an event management framework.