Implementing and evaluating a GDPR-compliant open-source SIEM solution

Bibliographic Details
Main Authors: Costa, R.L.D.C. (Author), Rabadão, C. (Author), Santos, L. (Author), Vazão, A.P. (Author)
Format: Article
Language: English
Published: Elsevier Ltd 2023
Subjects:
Online Access: View Fulltext in Publisher (https://doi.org/10.1016/j.jisa.2023.103509)
View in Scopus (https://www.scopus.com/inward/record.uri?eid=2-s2.0-85159313805&doi=10.1016%2fj.jisa.2023.103509&partnerID=40&md5=deee23ab296e64a7b6251cfcaeb0cdc2)
LEADER 02895nam a2200373Ia 4500
001 10.1016-j.jisa.2023.103509
008 230529s2023 CNT 000 0 und d
020 |a 22142134 (ISSN) 
245 1 0 |a Implementing and evaluating a GDPR-compliant open-source SIEM solution 
260 0 |b Elsevier Ltd  |c 2023 
856 |z View Fulltext in Publisher  |u https://doi.org/10.1016/j.jisa.2023.103509 
856 |z View in Scopus  |u https://www.scopus.com/inward/record.uri?eid=2-s2.0-85159313805&doi=10.1016%2fj.jisa.2023.103509&partnerID=40&md5=deee23ab296e64a7b6251cfcaeb0cdc2 
520 3 |a Security Information and Event Management (SIEM) solutions collect events from the IT infrastructure and concentrate information from the various components in a single place, allowing the detection of anomalous situations and attacks, and helping to protect confidential data. But real-world network environments may be complex and heterogeneous (e.g., in terms of devices, applications, and operating systems), and the attack surface can be vast, which increases the amount of data that a SIEM solution must collect and analyze. The General Data Protection Regulation (GDPR) has increased the level of complexity in such a context, as organizations must ensure the monitoring of access to personal data and various levels of security in their infrastructure. In this work, we deal with the implementation of an open-source SIEM solution that incorporates technical measures for the protection and control of personal data, ensuring compliance with the GDPR. We identify the main functionalities and describe a solution based on the Elastic Stack and additional open-source external tools. To validate our proposals, we implemented a prototype of our solution in a real-world environment. We simulated internal and external attacks that show the solution's capacity to detect threats and incidents in real time. We also evaluated the performance and resource consumption of personal data pseudonymization processes. The obtained results show that our solution presents good performance and scalability. © 2023 The Author(s) 
650 0 4 |a Complex networks 
650 0 4 |a Compliance control 
650 0 4 |a Confidential data 
650 0 4 |a Data privacy 
650 0 4 |a Device application 
650 0 4 |a Elastic stack 
650 0 4 |a GDPR 
650 0 4 |a General data protection regulations 
650 0 4 |a Information management 
650 0 4 |a IT infrastructures 
650 0 4 |a Network environments 
650 0 4 |a Open-source 
650 0 4 |a Pseudonymization 
650 0 4 |a Real-world networks 
650 0 4 |a Security Information and Event Management 
650 0 4 |a Security information and event managements 
700 1 0 |a Costa, R.L.D.C.  |e author 
700 1 0 |a Rabadão, C.  |e author 
700 1 0 |a Santos, L.  |e author 
700 1 0 |a Vazão, A.P.  |e author 
773 |t Journal of Information Security and Applications