WASPP: Workflow Automation for Security Policy Procedures
Title | WASPP: Workflow Automation for Security Policy Procedures |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Quinn, Ren, Holguin, Nico, Poster, Ben, Roach, Corey, Merwe, Jacobus Kobus Van der |
Conference Name | 2019 15th International Conference on Network and Service Management (CNSM) |
Keywords | ad hoc solutions, administrative policies, automated event response solutions, Automated Response Actions, Automation, composability, compositionality, generalized event response solutions, human intuition, Information Reuse and Security, information security specialists, Monitoring, organisational aspects, Pipelines, pubcrawl, Resiliency, security of data, Security Operations Center, security policy procedures, SoC, suspicious event, Systematics, Tools, University networks, WASPP, workflow automation |
Abstract | Every day, university networks are bombarded with attempts to steal the sensitive data of the various disparate domains and organizations they serve. For this reason, universities form teams of information security specialists called a Security Operations Center (SOC) to manage the complex operations involved in monitoring and mitigating such attacks. When a suspicious event is identified, members of the SOC are tasked to understand the nature of the event in order to respond to any damage the attack might have caused. This process is defined by administrative policies which are often very high-level and rarely systematically defined. This impedes the implementation of generalized and automated event response solutions, leading to specific ad hoc solutions based primarily on human intuition and experience as well as immediate administrative priorities. These solutions are often fragile, highly specific, and more difficult to reuse in other scenarios. |
DOI | 10.23919/CNSM46954.2019.9012707 |
Citation Key | quinn_waspp_2019 |