WASPP: Workflow Automation for Security Policy Procedures

Title: WASPP: Workflow Automation for Security Policy Procedures
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Quinn, Ren; Holguin, Nico; Poster, Ben; Roach, Corey; Merwe, Jacobus Kobus Van der
Conference Name: 2019 15th International Conference on Network and Service Management (CNSM)
Keywords: ad hoc solutions, administrative policies, automated event response solutions, Automated Response Actions, Automation, composability, compositionality, generalized event response solutions, human intuition, Information Reuse and Security, information security specialists, Monitoring, organisational aspects, Pipelines, pubcrawl, Resiliency, security of data, Security Operations Center, security policy procedures, SoC, suspicious event, Systematics, Tools, University networks, WASPP, workflow automation
Abstract

Every day, university networks are bombarded with attempts to steal the sensitive data of the various disparate domains and organizations they serve. For this reason, universities form teams of information security specialists called a Security Operations Center (SOC) to manage the complex operations involved in monitoring and mitigating such attacks. When a suspicious event is identified, members of the SOC are tasked to understand the nature of the event in order to respond to any damage the attack might have caused. This process is defined by administrative policies which are often very high-level and rarely systematically defined. This impedes the implementation of generalized and automated event response solutions, leading to specific ad hoc solutions based primarily on human intuition and experience as well as immediate administrative priorities. These solutions are often fragile, highly specific, and more difficult to reuse in other scenarios.

DOI: 10.23919/CNSM46954.2019.9012707
Citation Key: quinn_waspp_2019