Mario Mišić (2013) SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS. EngD thesis.
Abstract
The fast development of computer technology and electronic networks has contributed to the introduction of information systems to different economic activities. This has significantly increased the exposure to security threats and potential intrusions into such systems. Questions of how to use measures for the safeguarding of information systems and how to protect them are becoming more and more common. Therefore, I presented one of the measures, which represents a system for managing security information and events (SIEM), in the Diploma thesis. I focused on information security and how to ensure it. Among other things, I described security threats we face nowadays in the form of external threats as well as within the local network. Here, it is extremely important that we identify the threat or attack on the system at the right time, classify it appropriately and try to prevent its effects. I presented different types of malicious code that exploit the vulnerability of operating systems. The security information and event management system (SIEM) provides a comprehensive overview of the security state of the information system in real time and in one place. One such system is AlienVault. I presented its structure, functionality, user interface and its position on the market. I described the installation of the system on the server, its settings for proper functioning and the manner of alerting the system of potential attacks. I tested the system's response to different threats and analysed the obtained results. I found that such systems are high-performing, very efficient and can, with the correct settings, contribute significantly to the information security of the organisation.