SIEM-Based Framework for Security Controls Automation

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management. This research reviewed the controls recommended by well known standards such as ISO/IEC 27001 and NIST SP 800-53; and identified security controls that can be automated by existing hard-and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM-based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools. This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what it is normally described in previous works and SIEM solutions.