Functional model of SOC maturity assessment based on a maturity model

Authors

  • Артем Вікторович Жилін, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”
  • Ганна Степанівна Голич, State Centre of Cyberdefence
  • Микола Миколайович Худинцев, State Centre of Cyberdefence

DOI:

https://doi.org/10.18372/2410-7840.21.13954

Keywords:

cybersecurity, center of operational response to cyber incidents, assessment, efficiency, capability maturity model, metrics, functional model

Abstract

Leading modern organizations that use advanced technologies in their business processes require a high-level approach to managing the cyberdefence process, regardless of the purpose of the technical means in use: information technology (IT), industrial control systems (ICS), cyber-physical systems (CPS), or IoT devices. Therefore, the main task of information security specialists lies in choosing the standards and frameworks in the field of information technology that contain requirements, guidelines and recommendations for organizing up-to-date processes of cyberdefence and information security management. Security Operations Centers (SOCs), which operate under the direction of their organizations, function on the basis of adopted and documented use of such standards and recommendations. Today the problematic issue lies either in documenting instructions for implementing one's own SOC, since SOCs differ in functionality depending on the goals and scale of implementation and the available financial resources, or in the models for assessing the maturity and capabilities of SOCs, most of which are poorly described and are offered by IT industry leaders as a commercial service. The purpose of this work is to analyze how maturity and capability assessment models function within the management strategy of an organization's information security sphere and to create a functional model for assessing the level of SOC maturity that is based on the chosen maturity model. The results of implementing such a model allow a single approach to be used in assessing the maturity level of both individual domains and the SOC as a whole, regardless of the choice of maturity model, with analysis of the calculations ranging from simple goal-achievement metrics (Key Result Indicators, KRI) to business-oriented metrics.
The subsequent decomposition of the model makes it possible to formulate specific requirements for the simple metrics on which the calculation of complex metrics is based, and to determine more precisely the methods for analyzing the performed calculations.

Author Biographies

Артем Вікторович Жилін, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”

Candidate of Technical Sciences, Associate Professor of the Department of Cybersecurity and Application of Information Systems and Technologies, Institute of Special Communication and Information Protection, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine

Ганна Степанівна Голич, State Centre of Cyberdefence

Engineer, State Centre of Cyberdefence, Kyiv, Ukraine

Микола Миколайович Худинцев, State Centre of Cyberdefence

Candidate of Physical and Mathematical Sciences, Associate Professor, Acting Head of the State Centre of Cyberdefence, Kyiv, Ukraine


Published

2019-09-27
