Point SIEM products provide useful data but they lack visibility across a broader set of security elements needed to detect the increasing number and variety of cyber-attacks on corporate and government enterprises. SIEM solutions typically correlate, analyse, and report information from a variety of data sources, such as network devices, identity management devices, access management devices, and operating systems. Real-time security monitoring includes a handful of technologies, with Security Information and Event Management (SIEM) being one of the key building blocks. Also, importantly, risk assessment technologies are not able to cope rapidly with emerging cyber threats, thus leaving a time window where the security of the Smart Hospitals can only rely on the correct behaviour of employees, that nowadays represents the main targets to deliver (e.g., through social engineering techniques) attacks both at IT level (i.e., malware) as well as at human level (e.g., CEO frauds) that may severely compromise businesses activities.
Additionally, from a report of Ponemon Institute, reports that “IT security teams are often not effective at communicating cyber security risks to senior management”.
Smart Hospitals are particularly vulnerable, as they lack in cyber security due to time, resource, and knowledge constraints, while focusing more on funding and sustaining their core business. With the extensive use of the Internet nowadays, companies are becoming more and more at risk from cyber-attacks. Experiments demonstrate that, by relying on continuous monitoring of security relevant events and advanced correlation techniques, the SIEM solution proposed in this work effectively protects the critical workflows of the hospital business processes from cyber-attacks with high impact (specifically: serious harm to or even death of the patient). The use case is contributed by one of the major public hospitals in Italy. The approach is validated with respect to a real use case of a Smart Hospital (i.e., one where IT is massively used), with challenging security requirements. The advancements are achieved via combined use of two of the most promising technologies for trusted computing, namely: Trusted Execution Environment (TTE) and Homomorphic Encryption (HE). The proposed SIEM tool advances the State of The Art of the technology along two axes, specifically: privacy and integrity. The approach presented in this paper provides effective protection of critical business processes by applying advanced SIEM technology in a rigorous fashion, based on the results of accurate risk assessment.
0 kommentar(er)
