Security visualization infrastructures, techniques, and methodologies for improved enterprise security

Özdemir Sönmez, F. Ferd
This thesis focuses on providing designs that allow the security status of enterprises to be monitored at the organization level. The audience of this research is all enterprise-level IT and security experts, together with other users who may be engaged in security visualization designs, including top-level management. Numerous tools and programs are used in organizations to analyze and overcome security vulnerabilities. However, the outputs of these programs are rarely understood clearly. During this study, existing security visualization requirements and designs, along with the corresponding technologies used for security visualization, were examined. To keep the work user-centric, a visualization requirements survey was conducted. The results of the literature review and the survey were converted into a substantial requirement set for a generic enterprise security visualization infrastructure. This infrastructure was then implemented using the industry's best standards and contemporary big data solutions. The resulting design was validated through expert reviews. Later, one of the security visualization subjects enterprises favor most, namely web application security, was handled. A dashboard-type holistic design to visualize black-box vulnerability test results was proposed, along with forty-plus metrics and measures. SIEM systems were also examined for their custom data visualization capabilities in parallel with this part of the study. Finally, security management issues for organizations were addressed. In this part of the study, a decision support system for the optimization of security costs, which relies on analytical methods and uses treemap-type visualizations to show the threats, risks, corresponding precautions, and costs, was proposed. A real-world case study was used to demonstrate the benefits of this system.