Automation of Incident Acquisition, Analysis and Reporting in Academic Environment

Abstract

Academic Institutes are considered as a backbone of any country. Security of its information resources (academic and research) is of paramount importance. The statistics have shown that academic institutions are among the top three targets for cyber-crimes. There are many security steps that are taken by institutes to address this challenge. Firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are some of the security controls that are deployed to circumvent these threats. However, the sophistication and novelty in the attacks make the normal security procedures inadequate. To fulfill the changing requirements of information security, the institutes need to invest in developing the Security Operation Centers (SOC) and Security Information and Event Management (SIEM). SOC/SIEM is a comprehensive infrastructure that works in tandem with Computer Security Incident Response Team (CSIRT) to manage the security operations of the organization. SOC/SIEM can provide better coordinated security and rapid response against threats and vulnerabilities throughout the networks. This research thesis highlights the need of establishing SOC and deploying a SIEM infrastructure in academic institutes for incident acquisition analysis and reporting.