TY - GEN
T1 - Towards a security event data taxonomy
AU - Gonzalez-Granadillo, Gustavo
AU - Rubio-Hernán, José
AU - Garcia-Alfaro, Joaquin
N1 - Publisher Copyright:
© Springer International Publishing AG, part of Springer Nature 2018.
PY - 2018/1/1
Y1 - 2018/1/1
N2 - The information required to build appropriate impact models depends directly on the nature of the system. The information dealt with by health care systems, for instance, is particularly different from the information obtained by energy, telecommunication, transportation, or water supply systems. It is therefore important to properly classify the data of security events according to the nature of the system. This paper proposes an event data classification based on four main aspects: (i) the system’s criticality, i.e., critical vs. non-critical; (ii) the geographical location of the target system, i.e., internal vs. external; (iii) the time at which the information is obtained and used by the attacker, i.e., a priori vs. a posteriori; and (iv) the nature of the data, i.e., logical vs. physical. The ultimate goal of the proposed taxonomy is to help organizations in the assessment of their assets and events.
AB - The information required to build appropriate impact models depends directly on the nature of the system. The information dealt with by health care systems, for instance, is particularly different from the information obtained by energy, telecommunication, transportation, or water supply systems. It is therefore important to properly classify the data of security events according to the nature of the system. This paper proposes an event data classification based on four main aspects: (i) the system’s criticality, i.e., critical vs. non-critical; (ii) the geographical location of the target system, i.e., internal vs. external; (iii) the time at which the information is obtained and used by the attacker, i.e., a priori vs. a posteriori; and (iv) the nature of the data, i.e., logical vs. physical. The ultimate goal of the proposed taxonomy is to help organizations in the assessment of their assets and events.
KW - Countermeasure selection
KW - Data classification
KW - Risk assessment
KW - Security event taxonomy
U2 - 10.1007/978-3-319-76687-4_3
DO - 10.1007/978-3-319-76687-4_3
M3 - Conference contribution
AN - SCOPUS:85044003063
SN - 9783319766867
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 29
EP - 45
BT - Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers
A2 - Cuppens, Nora
A2 - Cuppens, Frederic
A2 - Legay, Axel
A2 - Lanet, Jean-Louis
A2 - Garcia-Alfaro, Joaquin
PB - Springer Verlag
T2 - 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017
Y2 - 19 September 2017 through 21 September 2017
ER -