Analysis of implementation of a Security Information and Events Management (SIEM) System in Public Business Entities (PBE) hospitals
Main author: | Gonçalves, Emanuel de Araújo |
---|---|
Publication date: | 2023 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | http://hdl.handle.net/20.500.11960/3911 |
Abstract: | In a general context, IT systems are vulnerable to attacks due to increasing digitalization, especially in the health sector. Therefore, the need to protect these systems is extremely urgent. Organizations are increasingly turning to Security Information and Event Management (SIEM) systems to protect the data they manage through a strategy of centralized analysis of multiple security events originating from different security components. The purpose of this work is to analyze and implement a SIEM system in a hospital environment. To achieve this objective, an exploration of the current state of SIEM systems and their main functions was conducted. An analysis of security needs and specific requirements in the hospital context was also performed. Based on this analysis, an architectural model for implementing the SIEM system in the hospital is proposed. The proposed model was implemented and tested in a laboratory environment, revealing that the SIEM system is capable of identifying and reporting relevant security incidents in a hospital context [27]. Some limitations in the tested system were also identified, along with suggestions for future improvements. Taking into account the recent cyberattacks that have targeted public hospitals in Portugal, hospitals must be prepared to face these threats. Implementing a SIEM system can play a key role in mitigating these attacks and safeguarding sensitive patient and employee information. |
id |
RCAP_c697b72a8db206fa5db6dae7e8cbe4ba |
---|---|
oai_identifier_str |
oai:repositorio.ipvc.pt:20.500.11960/3911 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
author |
Gonçalves, Emanuel de Araújo |
dc.subject.por.fl_str_mv |
Cyber security; SIEM; Hospital; Threats; Resilience; Cibersegurança; Ameaças; Resiliência |
publishDate |
2023 |
dc.date.none.fl_str_mv |
2023-12-14T00:00:00Z 2023-12-14 2024-02-05T12:13:20Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/20.500.11960/3911 TID:203513894 |
dc.language.iso.fl_str_mv |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |