Abstract

REYES-MENA, Francisco Xavier et al. Application of business intelligence For analyzing vulnerabilities to increase the security level in an academic CSIRT. Rev. Fac. ing. [online]. 2018, vol.27, n.47, pp.21-29. ISSN 0121-1129.  https://doi.org/10.19053/01211129.v27.n47.2018.7747.

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.

Keywords : business intelligence; cybersecurity; decision making; early alerts; electronic data processing; ETL; vulnerability analysis.

        · abstract in Spanish | Portuguese     · text in English     · English ( pdf )