security data

qkiii123
week13.doc

7 hours ago

Rehan Azam Mohammed 

Week 13 Discussion


Security Information and Event Management

A SIEM system cannot operate on its own without the normalized data in the system. The interrelation of the normalized data and the SIEM occurs based on the availability of the data in the system. The operation of the SIEM, like sorting and obtaining the correct data for the organization to enhance decision-making, requires various logs of data that can be contributed through data mining and analytics (Sekharan & Kandasamy, 2017). Normalization is essential for the development of the SIEM values and the maximization of the entry data. Various tools have been implemented to develop the security purpose and control the infrastructure servers in the system. The development of the security information and the event management requires the normalization to provide and enable data logs and processing of the human activities. Normalization facilitates the breakdown of the larger volumes of the data into subsystems and variables that can be combined to provide the best possible administration of the security practices. Therefore, SIEM cannot operate without the background of normalization of data.

The operation of the SIEM does not need the human analytics operation. Instead, the SIEM gathers the information and facilitates the development of absolute data security and management by implementing the normalized data in the system (Bryant & Saiedian, 2020). Human analytics integrates user behavior analytics to gather valuable information that helps make the final decision and security management. The outliers and the identity devices are analyzed using human analytics to overcome the threats of confusion and multiple attackers. SIEM collects the background information and researches the human life welfare and the threats that can be consolidated from various environmental networks to make it accessible by humans. Therefore, SIEM operation does not require the operation of human analytics because the SIEM gathers the whole information about the human experiences and the threats to make a stable and working environment for the system development and accessibility. Specific rules apply in the system in the formulation and the implementation of the SIEM security system. The core data aggregator and the system's reporting make the security information and the event management successful. The geographical areas of the places will be well installed with the network access in the whole organization and the operation of humans.


Abdul Rafath Khan Mohammad 

Week 13 Discussion


A SIEM System that does not Normalize Data

A SIEM System will not be considered valuable if it does not normalize data. Normalizing data is the process of organizing data in a database by creating tables and establishing relationships between the created tables according to the rules crafted to protect the data and make the database flexible by eliminating conflicting dependency and redundancies. The main aim of normalizing data is to change the values of numeric columns in the dataset to use a standard scale without losing the actual data. A SIEM system should normalize data using a standard format or structure that can be easily comprehended and analyzed (Chapple, 2020). Typically, normalizing data emboldens the effectiveness of the security task force in analyzing the data and maximizes the esteem of the SIEM system. Generally, a SIEM system should normalize data to ensure that the streams of machine information are transformed into structure and formats that can be easily understood, analyzed, and used by the users.

The Need of a Human Analyst in an Organization that Uses the SIEM System

Typically, a human analyst will be a necessity for an organization that still uses the SIEM system. A human analyst is a must-have resource in an organization that uses the SIEM system because the SIEM system may experience some problems; therefore, a human analyst will be needed to affirm and counter-check anything that the SIEM system claims to be actual (Montesino et al., 2015). Also, since the SIEM system is automated, sometimes wrong positives happen during the streaming of information, thus generating information that does not reflect the system. Therefore, a human analyst will be needed to handle the issue.

The SIEM system addresses the objects subjected to it; therefore, it should be outlined and analyzed. In this case, a human analyst is the one who will examine and analyze the SIEM system (Montesino et al., 2015). Typically, in an organization that still uses the SIEM system, a human analyst will play a key role in picking up the different organizational preferences to ensure that organizational objectives are achieved. Also, a human analyst is needed in an organization that uses the SIEM system to repair any damages in the system as the system does not repair itself.
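The two posts above discuss SIEM normalization only in general terms. As an added example (not part of either post), the sketch below maps three constructed log formats onto one common schema and then runs a single correlation rule over the result. The sample lines, the field names (`time`, `source`, `user`, `src_ip`, `outcome`) and the five-minute window are assumptions chosen for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events from three sources, each in its native format.
RAW = [
    ("sshd", "Mar 14 09:15:02 web01 sshd[2211]: Failed password for alice from 203.0.113.7 port 52144 ssh2"),
    ("webapp", '{"ts": "2024-03-14T09:15:40Z", "event": "login_failure", "username": "alice", "client": "203.0.113.7"}'),
    ("vpn", "time=1710407760 user=alice ip=203.0.113.7 result=deny"),
    ("sshd", "Mar 14 09:20:11 web01 sshd[2290]: Accepted password for bob from 198.51.100.4 port 40022 ssh2"),
]
SSHD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(source, line, year=2024):
    """Map one raw line onto the common schema; syslog has no year, so one is assumed."""
    if source == "sshd":
        m = SSHD.match(line)
        if not m:
            return None
        when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        user, ip, ok = m[3], m[4], m[2] == "Accepted"
    elif source == "webapp":
        rec = json.loads(line)
        when = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        user, ip, ok = rec["username"], rec["client"], rec["event"] == "login_success"
    elif source == "vpn":
        kv = dict(p.split("=", 1) for p in line.split())
        when = datetime.fromtimestamp(int(kv["time"]), tz=timezone.utc)
        user, ip, ok = kv["user"], kv["ip"], kv["result"] == "allow"
    else:
        return None
    return {"time": when, "source": source, "user": user, "src_ip": ip,
            "outcome": "success" if ok else "failure"}

def correlate(events, window=timedelta(minutes=5), min_sources=2):
    """Flag (user, src_ip) pairs whose failures span several sources inside the window."""
    fails = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure":
            fails[(e["user"], e["src_ip"])].append(e)
    alerts = []
    for key, evs in fails.items():
        evs.sort(key=lambda e: e["time"])
        if evs[-1]["time"] - evs[0]["time"] <= window and len({e["source"] for e in evs}) >= min_sources:
            alerts.append(key)
    return alerts

EVENTS = [e for e in (normalize(s, l) for s, l in RAW) if e]
ALERTS = correlate(EVENTS)
```

The rule can only group the three failures because every source has been reduced to the same field names and UTC timestamps; the resulting alert is a lead for review, not a verdict.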

2 days ago

Tejaswi Reddy Kasala 

Discussion


Security professionals must deal with the legal issues involving what is acceptable in terms of the security of an organization and the consequences of that attack. The first is written procedure, which deals with hiring and training personnel, handling and disposing of hazardous waste, and establishing the security policy or procedure for employees and property. The second type of procedure deals with procedures that are specific to the environment. These procedures need not be specific to any individual department, business unit, or individual facility. A final type of procedure is one specific to an individual facility. The consequences to the organization for not following the security procedures are legal liability, increased vulnerability, and repeat attacks (Curran et al., 2020).

A few basic principles of security procedures include: Preparation: Make sure security procedures are followed. Logical: Secure the procedures with security implications. Critical thinking: Study the implications of the procedures on the organization's operations. Guiding principles: those principles that help ensure the security of the organization in its mission. A security procedure should specify the following: who will be affected, the scope of the problem, and how it will affect the organization. There are many possible causes of vulnerability. Vulnerability is always a combination of several factors, and vulnerability may or may not be a single exploit. These include hardware or operating system weakness, software vulnerability, internal vulnerability, intrusion or attack on the device, intrusion of system components, and vulnerability of data such as a file, application, or application's metadata (Grande et al., 2021).

Repeat attacks use the same attacker and the same exploit on the same target to exploit a vulnerability more than once. This makes it very difficult to defend against and is a standard method of attack. There are many variations on the repeat attack: Inbound Attack. An attacker enters a site and attempts to access protected resources such as files, directories, and network connections. The attack begins by trying to connect to an unauthorized user account or by attempting to access protected resources without being detected (Curran et al., 2020).

Shireesha Mallogi 

Discussion


End-User Security Awareness: The Absence of Security Procedures within Organizations

As a security awareness instructor, it is essential to acknowledge that security understandings are attributed to the evolving IT developments and utility. Furthermore, end-user security is a vital contemplation that significantly confirms application programmers' and network administrators' viability and liability of user-interaction results (Nieles et al., 2017). End-users should decisively discern security protocols since they are determinant entities who can substantively merit the overall security framework (organizations and end-users). Additionally, end-users must comprehensively understand that disregarding authentication procedures and physical access controls as adaptive security mechanisms results in phishing and physical theft.

Conventionally, end-users should effectively perceive the significance of authentication procedures through password management. In addition, end-users must be aware that weak passwords are replaced with strong passwords having unique credentials. The end-user should equally understand that passwords are exclusive attributes that must not be revealed to other individuals. Physical access controls are primary considerations relevant within an organizational context (Solomon, 2019). Staff members who utilize corporate assets are regarded as end-users whose liability determines the security of executive properties. Best practices should instruct end-users within an organization to apply ordinary procedures of instituting surveillance systems, locks, and security personnel.

Conclusively, an end-user who does not realize authentication techniques as a security control procedure will encounter phishing. As a result, the end-user will engage in false corporate interactions that will compromise the accountability of a genuine organization (Lee et al., 2019). A user will offer exclusive corporate information to malicious agents such as hackers who deceivingly assume the identity of a valid organization. If an end-user does not adhere to physical access controls, theft through corporate breach will account for significant loss of organizational assets. However, both adverse scenarios (phishing and physical theft) promote corporate security awareness to safeguard end-user interests.
