DocumentCode :
1928281
Title :
The CISO's Multitool Knife
Author :
Baud, Loïc ; Bellot, Patrick
Author_Institution :
Inst. Telecom, Telecom ParisTech & LTCI CNRS, Paris, France
fYear :
2011
fDate :
18-21 May 2011
Firstpage :
1
Lastpage :
7
Abstract :
In this article we present a security tool that aims to help Chief Information Security Officers (CISO) and their staffs accomplish their jobs. A CISO and their staff identify, develop, and implement processes in order to respond to and mitigate threats against the information system of their employer's company. Nowadays, information systems are so complex that it becomes hard to analyze what is going on in these systems and consequently hard to react in real time and in an adequate way to the potentially-malicious events that may occur. The tool described in this article is especially designed to react in real time to the various threats and challenges that occur; this mechanism is distributed and fully automated, and no human intervention is required. This tool is composed of two distinct parts: the immune system and its memory. The immune system has agents that collect data on various entities of the infrastructure, review and analyze it, deduce the Security Assurance values of these entities, and commit an immune response (reconfiguration, isolation of the compromised parts, etc.) upon detection of anomalies or threats. The memory securely logs the information on the events considered as potentially malicious by the immune system and the corresponding immune responses. These logs could be used by the CISO and their staff to perform digital forensics and readapt their security policies. The immune system and the memory are also able to react to and tolerate failures or attacks since they are deployed over a resilient overlay network called ROSA. Our tool is the perfect "Multitool Knife" for the CISO.
Keywords :
artificial immune systems; computer forensics; CISO; ROSA; anomaly detection; chief information security officers; digital forensics; employers company; human intervention; immune responses; immune system; information system; multitool knife; overlay network; potentially malicious; potentially-malicious events; security assurance values; security policy; security tool; staff identify; threat detection; Error analysis; Immune system; Routing; Security; Sensors; Servers; Workstations;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Network and Information Systems Security (SAR-SSI), 2011 Conference on
Conference_Location :
La Rochelle
Print_ISBN :
978-1-4577-0735-3
Type :
conf
DOI :
10.1109/SAR-SSI.2011.5931377
Filename :
5931377
Link To Document :