Academy & Industry Research Collaboration Center (AIRCC)

Volume 11, Number 18, November 2021

Reducing Cyber Incident Response to Protect CNI from Cyber Attacks
using an N-SIEM Integration with an ICTI-CNI

  Authors

Igli Tafa and Kevin Shahollari, Polytechnic University of Tirana, Tirana

  Abstract

The rapid evolution of technology has increased the role of cybersecurity and put it at the center of national critical infrastructure (CNI). This role supports and guarantees the vital services of CNI while providing the functionality needed to run operations between the public and private sectors. The same evolution has affected the cyberattack tools, methods and techniques used to gain unauthorized access to computer systems that hold confidential, high-value information, which is traded on the digital data sales market, or "dark web" as it is called.

As a result, it has become necessary to monitor all events of the National Critical Infrastructure (CNI) computer systems. The proposed system uses a centralized National SIEM (N-SIEM) specializing in the correlation of security events caused by cyber attacks, collected from CNI systems, while integrating with an International Cyber Threat Intelligence system (ICTI-CNI).

In addition, this conceptual model collects security breach events from CNI systems, analyzes only cyber attacks, and correlates these security events in real time on an intelligent automated platform, reducing the response time of security analysts.
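To make the conceptual model concrete, the following is an added example (not code from the paper) of the core N-SIEM step the abstract describes: security events forwarded by several CNI systems are filtered against an ICTI-CNI indicator feed and folded into per-campaign alerts, so that an indicator seen by more than one sector surfaces as a single cross-CNI alert. The CNI names, indicator values and event records are constructed assumptions.

```python
from collections import defaultdict

# Constructed ICTI-CNI feed, indicator -> (type, campaign). Invented values,
# not taken from the paper or any real threat-intelligence feed.
ICTI_IOCS = {"203.0.113.7": ("ip", "campaign-A"), "bad.example": ("domain", "campaign-B")}

# Constructed security events as forwarded by three CNI operators to the N-SIEM.
CNI_EVENTS = [
    {"ts": 1, "cni": "power-grid", "src_ip": "203.0.113.7", "action": "login-fail"},
    {"ts": 2, "cni": "power-grid", "src_ip": "203.0.113.7", "action": "login-fail"},
    {"ts": 3, "cni": "transport", "src_ip": "203.0.113.7", "action": "fw-deny"},
    {"ts": 4, "cni": "water", "domain": "bad.example", "action": "dns-query"},
    {"ts": 5, "cni": "water", "src_ip": "198.51.100.9", "action": "login-ok"},
]


def indicators(event):
    """Yield the event fields that can be matched against the IOC feed."""
    for key in ("src_ip", "domain"):
        if key in event:
            yield event[key]


def correlate(events, iocs):
    """Keep only events that hit an IOC (the abstract's 'analyze only cyber
    attacks' filter) and fold them into one alert per indicator that lists
    every CNI that saw it. A cross-CNI hit is invisible to one operator's
    SIEM; only the centralized N-SIEM can surface it."""
    hits = defaultdict(lambda: {"cnis": set(), "events": 0, "ts": []})
    for ev in sorted(events, key=lambda e: e["ts"]):
        for ind in indicators(ev):
            if ind in iocs:
                hits[ind]["cnis"].add(ev["cni"])
                hits[ind]["events"] += 1
                hits[ind]["ts"].append(ev["ts"])
    alerts = []
    for ind, h in hits.items():
        kind, campaign = iocs[ind]
        alerts.append({"indicator": ind, "kind": kind, "campaign": campaign,
                       "cnis": sorted(h["cnis"]), "events": h["events"],
                       "cross_cni": len(h["cnis"]) > 1,
                       "window": (h["ts"][0], h["ts"][-1])})
    # Triage order for the analyst: cross-sector hits first, then by volume.
    alerts.sort(key=lambda a: (not a["cross_cni"], -a["events"]))
    return alerts
```

Running `correlate(CNI_EVENTS, ICTI_IOCS)` yields two alerts instead of four raw events, with the indicator seen by both power-grid and transport ranked first.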

  Keywords

CNI, N-SIEM, ICTI-CNI, IOC, cyber attacks, security events.