Security visualization infrastructures, techniques, and methodologies for improved enterprise security

Özdemir Sönmez, F. Ferd
This thesis provides designs that allow the security status of an enterprise to be monitored at the organization level. Its audience is enterprise-level IT and security experts, together with other users who may be involved in security visualization designs, including top-level management. Organizations use numerous tools and programs to analyze and remediate security vulnerabilities, but the outputs of these programs are rarely understood clearly.

During this study, existing security visualization requirements and designs, along with the corresponding technologies used for security visualization, were examined. To keep the work user-centric, a visualization requirements survey was conducted. The results of the literature review and the survey were consolidated into a substantial requirement set for a generic enterprise security visualization infrastructure. This infrastructure was then implemented using industry best practices and contemporary big data solutions, and the resulting design was validated through expert reviews.

Next, one of the most popular security visualization subjects for enterprises, web application security, was addressed. A holistic dashboard design for visualizing black-box vulnerability test results was proposed, along with more than forty metrics and measures. In parallel with this part of the study, SIEM systems were examined for their custom data visualization capabilities.

Finally, the study turned to security management issues in organizations. A decision support system for optimizing security costs was proposed; it relies on analytical methods and uses treemap-type visualizations to display threats, risks, the corresponding precautions, and their costs. A real-world case study was used to demonstrate the benefits of this system.


Security Qualitative Metrics for Open Web Application Security Project Compliance
Sönmez, Ferda Özdemir (Elsevier BV; 2019)
The focus of this study is to identify repeatable features of the large-scale enterprise web application production process, based on the OWASP security requirement list. As a result of rigorous work, including a domain analysis of the Java language and its development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics were identified under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as d...
Enterprise resource planning systems selection process
Kenaroğlu, Bahar; Erdil, Erkan; Department of Science and Technology Policy Studies (2004)
In this study, research is carried out to establish a comprehensive framework for the ERP systems selection process and to provide guidance for better ERP systems selection and evaluation by investigating all aspects of the selection process. The research is conducted through a comprehensive review of key information systems journals, conferences, enterprise information systems materials in electronic databases, and practitioner journals. As a result, the study is able to present a compreh...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
The types and complexity of information security vulnerabilities are growing rapidly and present numerous challenges to enterprises. One of the key challenges is to identify the optimal set of precautions under a limited budget. Although the majority of enterprises have a budget constraint for installing and maintaining protection systems, most previous work focuses only on prioritizing security targets and does not consider the preventative actions and budget constraints. ...
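The selection problem the abstract describes (pick the preventative actions that buy the most risk reduction without exceeding a fixed budget) is, in its simplest form, a 0/1 knapsack. The block below is an added illustration and not the paper's own code or method: the precaution names, costs and risk-reduction figures are constructed sample data, the "risk reduction" unit (expected annual loss avoided, in the same units as cost) is an assumption, and exact dynamic programming is one solution approach chosen here for clarity, not the analytical method the paper uses. An exhaustive search is included so the dynamic-programming answer can be cross-checked on small inputs.

```python
"""Budget-constrained selection of security precautions.

Added example, not code from the thesis or paper above. The precaution
list and its numbers are constructed sample data; "risk_reduction" is
assumed to be expected annual loss avoided, in the same units as cost.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Precaution:
    name: str
    cost: int              # one-off cost in budget units (assumed integer)
    risk_reduction: float  # expected annual loss avoided (assumed unit)


# Constructed sample data (not taken from the paper).
PRECAUTIONS = [
    Precaution("MFA for admin accounts", 20, 90.0),
    Precaution("WAF in front of web apps", 35, 70.0),
    Precaution("Endpoint EDR rollout", 50, 120.0),
    Precaution("Offline backups", 25, 60.0),
    Precaution("Security awareness training", 15, 30.0),
    Precaution("Network segmentation", 60, 110.0),
]


def select_precautions(precautions, budget):
    """Return (total_reduction, chosen) maximising risk reduction under budget.

    Exact 0/1 knapsack by dynamic programming. best[b] is the best reduction
    reachable with budget b using the items processed so far; taken[i][b]
    records whether item i improved best[b], so the chosen set can be
    reconstructed afterwards.
    """
    if budget < 0:
        raise ValueError("budget must be non-negative")
    n = len(precautions)
    best = [0.0] * (budget + 1)
    taken = [[False] * (budget + 1) for _ in range(n)]
    for i, p in enumerate(precautions):
        # Walk budgets downwards so each precaution is used at most once.
        for b in range(budget, p.cost - 1, -1):
            candidate = best[b - p.cost] + p.risk_reduction
            if candidate > best[b]:
                best[b] = candidate
                taken[i][b] = True
    # Reconstruct the chosen set by replaying the recorded decisions.
    chosen = []
    b = budget
    for i in range(n - 1, -1, -1):
        if taken[i][b]:
            chosen.append(precautions[i])
            b -= precautions[i].cost
    chosen.reverse()
    return best[budget], chosen


def exhaustive_best(precautions, budget):
    """Brute-force reference: try every subset (fine for a handful of items)."""
    best_val, best_set = 0.0, ()
    for r in range(len(precautions) + 1):
        for combo in combinations(precautions, r):
            cost = sum(p.cost for p in combo)
            val = sum(p.risk_reduction for p in combo)
            if cost <= budget and val > best_val:
                best_val, best_set = val, combo
    return best_val, list(best_set)


if __name__ == "__main__":
    total, picks = select_precautions(PRECAUTIONS, 100)
    print(f"best risk reduction within budget 100: {total}")
    for p in picks:
        print(f"  {p.name} (cost {p.cost}, reduction {p.risk_reduction})")
```

With a budget of 100 the optimum on this sample data is MFA, EDR and offline backups (cost 95, reduction 270); note that the cheapest-per-unit item (training) is left out because the remaining 5 units of budget cannot pay for it, which is exactly the kind of interaction a greedy "most bang for the buck" ordering misses and a treemap of cost versus risk makes visible.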
ICT adoption, software investment and firm efficiency in Turkey
Fındık, Derya; Tansel, Aysıt; Department of Science and Technology Policy Studies (2013)
This thesis examines the impact of firm resources on the adoption of Information and Communication Technologies (ICT) by Turkish business enterprises, and the impact of software investment on firm efficiency, using firm-level data. ICT adoption is measured at three levels: the first is technology ownership; the second is the presence of enterprise resource planning (ERP) and customer relationship management (CRM) systems; the third is the use of narrowband and broadband technologies. The impact of firm ...
Design of a Multi Agent Based Virtual Enterprise Framework for Sustainable Production
Sadigh, Bahram Lotfi; ÜNVER, HAKKI ÖZGÜR; Kilic, S. Engin (2011-07-08)
This paper introduces a Platform as a Service (PaaS) based multi-agent virtual enterprise framework for sustainability, designed to facilitate collaboration between Small and Medium Sized Enterprises (SMEs) working in the Aviation and Defense Cluster of the OSTIM Organized Industrial Region in Ankara, Turkey. To enable SMEs to capture opportunities and design products collaboratively in a network, a Virtual Enterprise framework shall be developed. This framework also targets to i...
Citation Formats
F. F. Özdemir Sönmez, “Security visualization infrastructures, techniques, and methodologies for improved enterprise security,” Thesis (Ph.D.) -- Graduate School of Natural and Applied Sciences. Information Systems., Middle East Technical University, 2019.