Examining the Return on Investment of a Security Information and Event Management Solution in a Notional Department of Defense Network Environment

Warnecke, Matthew P.

Examining the Return on Investment of a Security Information and Event Management Solution in a Notional Department of Defense Network Environment

Active / Technical Report | Accession Number: ADA583794 |

Open PDF

Abstract:

Sophisticated cyber threats represent a significant adversary in the evolving world of the cyber domain. Furthermore, determining whether or not an attack has taken place and the extent of the damage caused requires significant resources. In order to guarantee reliable detection, prevention and mitigation of these advanced threats, the Department of Defense DoD must invest in advanced information security technologies that increase the defensive capabilities of its information networks. This thesis focuses on Security Information and Event Management SIEM systems as an enabling technology that possesses the advanced security capabilities required to address sophisticated, evolving cyber threats. The research explores the capabilities of this technology in terms of the speed of detection, depth of investigative power, and additional value provided. Additionally, this research attempts to quantify the return on investment that a SIEM solution could provide when deployed in a notional DoD network architecture. Ultimately, the research provided in this thesis endeavors to justify DoD investment in SIEM technology. The focus of this research revolves around a qualitative description of the inherent capabilities of SIEM products and utilizes several Return on Security Investment models in an attempt to quantitatively define the value of these capabilities in a DoD network.

Author(s):

Warnecke, Matthew P.

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Descriptive Note:

Master's thesis

Pagination:

0107

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NPS

Subject Terms

Joint Capability Areas:

JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_6_Net Centric; JCA_7_Protection; JCA_5_Command and Control; JCA_3_Force Application; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_6.4.1_Secure Information Exchange; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_5.2_Understand; JCA_3.2_Engagement; JCA_3.2.2_Non-Kinetic Means; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_5.3_Planning

Communities of Interest:

Cyber

Descriptor(s):

*DEFENSE SYSTEMS, *DEPARTMENT OF DEFENSE, *INFORMATION SECURITY, MANAGEMENT

Field(s)/Group(s):

Information Science, Military Forces and Organizations, Defense Systems

Keyword(s):

CYBER THREATS, INCIDENT RESPONSE, NETWORK INTRUSION, RETURN ON INVESTMENT, RETURN ON SECURITY, RETURN ON SECURITY INVESTMENT, SECURITY EVENT CORRELATION, SIEM(SECURITY INFORMATION AND EVENT MANAGEMENT)

Report Date:

2013 Jun 01

Creation Date:

2013 Sep 23