Examining the return on investment of a security information and event management solution in a notional Department of Defense network environment
Warnecke, Matthew P.
Housel, Thomas J.
Mun, Johnathan C.
MetadataShow full item record
Sophisticated cyber threats represent a significant adversary in the evolving world of the cyber domain. Furthermore, determining whether or not an attack has taken place and the extent of the damage caused requires significant resources. In order to guarantee reliable detection, prevention and mitigation of these advanced threats, the Department of Defense (DoD) must invest in advanced information security technologies that increase the defensive capabilities of its information networks. This thesis focuses on Security Information and Event Management (SIEM) systems as an enabling technology that possesses the advanced security capabilities required to address sophisticated, evolving cyber threats. The research explores the capabilities of this technology in terms of the speed of detection, depth of investigative power, and additional value provided. Additionally, this research attempts to quantify the return on investment that a SIEM solution could provide when deployed in a notional DoD network architecture. Ultimately, the research provided in this thesis endeavors to justify DoD investment in SIEM technology. The focus of this research revolves around a qualitative description of the inherent capabilities of SIEM products and utilizes several Return on Security Investment models in an attempt to quantitatively define the value of these capabilities in a DoD network.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Analyzing the U.S. Marine Corps Enterprise Information Technology Framework for IT Acquisition and Portfolio Governance Shives, Timothy R.; Pelz, Laban M. (Monterey, California. Naval Postgraduate School, 2012-09);This research examined the ongoing development of a Marine Corps-wide, enterprise architecture (EA) approach for assessing the IT planning and investment process, including IT-related programs of record. The EA-approach ...
Big Data and Deep Learning for Defense Acquisition Visibility Environment (DAVE)—Developing NPS Student Thesis Research Zhao, Ying (2017-12-21); NPS-AM-18-012The U.S. Department of Defense (DoD) acquisition process is extremely complex. There are three key processes that must work in concert to deliver capabilities: determining warfighters’ requirements and needs, planning the ...
AEGIS and Ship Self-defense System (SSDS) Platforms: Using KVA Analysis, Risk Simulation and Strategic Real Options to Assess Operational Effectiveness Housel, Thomas; Tarantino, Eric; Mun, Johnathan (2007-04-01); NPS-AM-07-011Modern, analytical tools are critical to understand the impact of open architecture technology and open business models on naval warfighting processes and procedures. These tools must measure the operational value of a ...