Abstract:
Academic institutes are considered a backbone of any country, and the security of
their information resources (academic and research) is of paramount importance.
Statistics have shown that academic institutions are among the top three targets for
cyber-crime. Institutes take many security measures to address this challenge:
firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
are some of the security controls deployed to counter these threats. However, the
sophistication and novelty of current attacks render such conventional security
procedures inadequate. To meet the changing requirements of information security,
institutes need to invest in establishing a Security Operations Center (SOC) and
deploying Security Information and Event Management (SIEM). Together, SOC and SIEM
form a comprehensive infrastructure that works in tandem with the Computer Security
Incident Response Team (CSIRT) to manage the security operations of the organization.
SOC/SIEM can provide better-coordinated security and a rapid response to threats and
vulnerabilities throughout the network. This research thesis highlights the need to
establish a SOC and deploy a SIEM infrastructure in academic institutes for incident
acquisition, analysis and reporting.