
Automation of threat intelligence in the security operations centre
Kerin, Luka (Author); Kos, Andrej (Mentor)

PDF - Presentation file (358.97 KB)
MD5: 22712F9AC630975AEE3B797B6B5A3207

Abstract
There are many security threats in cyberspace that endanger individuals as well as companies, institutions and organisations. Security operations centres play a key role in ensuring the security and protection of digital assets. Because the threat landscape is constantly evolving and becoming ever more sophisticated, they are becoming increasingly important in recognising and responding to cyber attacks. Their main task is to monitor the organisation's network and systems, detect and analyse potential threats, and respond to security incidents. Their effectiveness, however, depends on the quality of their processes, tools and staff. In this bachelor's thesis I will investigate the challenges and opportunities associated with establishing and operating a successful security operations centre, including best practices for incident response, threat intelligence and collaboration with other security teams. As part of this, I will describe the implementation of threat intelligence automation in the security operations centre, which enabled easier and faster transfer of information directly from security analysts to the platform for collection and further analysis performed by the security threat intelligence team.

Language:Slovenian
Keywords:cyber security, security threats, malware, phishing, password attacks, MitM attacks, SQL injection, XSS attacks, internal SOC, SOCaaS, SOC structure, security analytics, threat intelligence, incident response, digital forensics, security operations, EDR
Work type:Bachelor thesis/paper
Organization:FE - Faculty of Electrical Engineering
Year:2023
PID:20.500.12556/RUL-147494
COBISS.SI-ID:158341379
Publication date in RUL:06.07.2023
Views:2042
Downloads:95

Secondary language

Language:English
Title:Automatization of threat intelligence in the security operations center
Abstract:
There are many security threats in cyberspace that threaten individuals, businesses, institutions and organisations. Security Operations Centres play a key role in ensuring the safety and security of digital assets. As the threat landscape is constantly evolving and becoming more sophisticated, they are becoming increasingly important in identifying and responding to cyber-attacks. Their main task is to monitor an organisation's network and systems, detect and analyse potential threats and respond to security incidents. Their effectiveness, in turn, depends on the quality of their processes, tools and personnel. In this thesis, I will explore the challenges and opportunities associated with establishing and operating a successful security operations centre, including best practices for incident response, threat intelligence and collaboration with other security teams. In this context, I describe the implementation of threat intelligence automation in the Security Operations Centre, which has facilitated and accelerated the transfer of information directly from security analysts to the platform for collection and further analysis by the Security Threat Intelligence team.

Keywords:cyber security, security threats, malware, phishing, password attacks, MitM attacks, SQL injection, XSS attacks, internal SOC, SOCaaS, SOC structure, security analytics, threat intelligence, incident response, digital forensics, security operations, EDR
