IMPAVID：通过可视化分析增强事件管理流程合规性评估

IF 2.5 4区计算机科学 Q2 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Computers & Graphics-Uk Pub Date : 2025-06-03 DOI:10.1016/j.cag.2025.104243

Alessandro Palma , Marco Angelini

{"title":"IMPAVID：通过可视化分析增强事件管理流程合规性评估","authors":"Alessandro Palma , Marco Angelini","doi":"10.1016/j.cag.2025.104243","DOIUrl":null,"url":null,"abstract":"<div><div>The Incident Management Process (IMP) is crucial to prevent, protect against, and respond to security incidents that impact an organization. To ensure readiness for potential alerts, the IMP must comply with security standards, which provide guidelines for managing such incidents, and organizations are expected to adhere to these standards to establish a secure-by-design approach. Evaluating an organization’s compliance with security standards is often labor-intensive, as traditional methods rely heavily on manual analysis. Incorporating automated approaches to aid decision-making presents additional challenges, such as data interpretation and correlation. To address these challenges, we present IMPAVID, a visual analytics solution designed to support the assessment of IMP compliance through process-centric techniques. IMPAVID aims to enhance the security assessor’s awareness, enabling them to make informed decisions about improving the IMP alignment with regulatory and technical standards. To ensure the context-awareness of these techniques, IMPAVID leverages a deviations taxonomy and a cost model to propose a more fine-grained analysis linking together process and technical data while allowing to focus on general root causes for non-compliance. In the literature, cost models often rely on parametric cost functions that provide a valuable solution for fine-grained assessments while introducing additional challenges related to the effort necessary for security assessors to determine suitable parameter configurations. Thus, the IMPAVID system implements additional requirements and a visual environment to support data-driven, assisted, and interactive parameter configuration during IMP compliance assessment. We validate our system by presenting a comprehensive case study based on a publicly available dataset, which includes real IMP log data from an IT company. It shows the system’s capabilities to perform IMP compliance assessment while dynamically configuring the parameters of the proposed compliance cost model, enabling more effective and efficient analysis.</div></div>","PeriodicalId":50628,"journal":{"name":"Computers & Graphics-Uk","volume":"130 ","pages":"Article 104243"},"PeriodicalIF":2.5000,"publicationDate":"2025-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"IMPAVID: Enhancing incident management process compliance assessment with visual analytics\",\"authors\":\"Alessandro Palma , Marco Angelini\",\"doi\":\"10.1016/j.cag.2025.104243\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The Incident Management Process (IMP) is crucial to prevent, protect against, and respond to security incidents that impact an organization. To ensure readiness for potential alerts, the IMP must comply with security standards, which provide guidelines for managing such incidents, and organizations are expected to adhere to these standards to establish a secure-by-design approach. Evaluating an organization’s compliance with security standards is often labor-intensive, as traditional methods rely heavily on manual analysis. Incorporating automated approaches to aid decision-making presents additional challenges, such as data interpretation and correlation. To address these challenges, we present IMPAVID, a visual analytics solution designed to support the assessment of IMP compliance through process-centric techniques. IMPAVID aims to enhance the security assessor’s awareness, enabling them to make informed decisions about improving the IMP alignment with regulatory and technical standards. To ensure the context-awareness of these techniques, IMPAVID leverages a deviations taxonomy and a cost model to propose a more fine-grained analysis linking together process and technical data while allowing to focus on general root causes for non-compliance. In the literature, cost models often rely on parametric cost functions that provide a valuable solution for fine-grained assessments while introducing additional challenges related to the effort necessary for security assessors to determine suitable parameter configurations. Thus, the IMPAVID system implements additional requirements and a visual environment to support data-driven, assisted, and interactive parameter configuration during IMP compliance assessment. We validate our system by presenting a comprehensive case study based on a publicly available dataset, which includes real IMP log data from an IT company. It shows the system’s capabilities to perform IMP compliance assessment while dynamically configuring the parameters of the proposed compliance cost model, enabling more effective and efficient analysis.</div></div>\",\"PeriodicalId\":50628,\"journal\":{\"name\":\"Computers & Graphics-Uk\",\"volume\":\"130 \",\"pages\":\"Article 104243\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2025-06-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Graphics-Uk\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0097849325000846\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Graphics-Uk","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0097849325000846","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

事件管理流程（IMP）对于预防、防范和响应影响组织的安全事件至关重要。为了确保对潜在的警报做好准备，IMP必须遵守安全标准，这些标准提供了管理此类事件的指导方针，并且期望组织遵守这些标准以建立设计安全方法。评估组织对安全标准的遵从性通常是劳动密集型的，因为传统方法严重依赖于人工分析。结合自动化方法来辅助决策提出了额外的挑战，例如数据解释和相关性。为了应对这些挑战，我们提出了IMPAVID，这是一种可视化分析解决方案，旨在通过以过程为中心的技术支持IMP合规性评估。IMPAVID旨在提高安全评估人员的意识，使他们能够在改进IMP与法规和技术标准的一致性方面做出明智的决定。为了确保这些技术的上下文感知，IMPAVID利用偏差分类法和成本模型来提出更细粒度的分析，将流程和技术数据联系在一起，同时允许关注不合规的一般根本原因。在文献中，成本模型通常依赖于参数成本函数，这些函数为细粒度评估提供了有价值的解决方案，同时引入了与安全评估人员确定合适参数配置所需的工作相关的额外挑战。因此，IMPAVID系统实现了额外的需求和可视化环境，以支持IMP合规性评估期间数据驱动、辅助和交互式参数配置。我们通过展示一个基于公开可用数据集的综合案例研究来验证我们的系统，该数据集包括来自一家IT公司的真实IMP日志数据。它显示了系统在动态配置建议的遵从性成本模型参数的同时执行IMP遵从性评估的能力，从而实现更有效和高效的分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IMPAVID: Enhancing incident management process compliance assessment with visual analytics

The Incident Management Process (IMP) is crucial to prevent, protect against, and respond to security incidents that impact an organization. To ensure readiness for potential alerts, the IMP must comply with security standards, which provide guidelines for managing such incidents, and organizations are expected to adhere to these standards to establish a secure-by-design approach. Evaluating an organization’s compliance with security standards is often labor-intensive, as traditional methods rely heavily on manual analysis. Incorporating automated approaches to aid decision-making presents additional challenges, such as data interpretation and correlation. To address these challenges, we present IMPAVID, a visual analytics solution designed to support the assessment of IMP compliance through process-centric techniques. IMPAVID aims to enhance the security assessor’s awareness, enabling them to make informed decisions about improving the IMP alignment with regulatory and technical standards. To ensure the context-awareness of these techniques, IMPAVID leverages a deviations taxonomy and a cost model to propose a more fine-grained analysis linking together process and technical data while allowing to focus on general root causes for non-compliance. In the literature, cost models often rely on parametric cost functions that provide a valuable solution for fine-grained assessments while introducing additional challenges related to the effort necessary for security assessors to determine suitable parameter configurations. Thus, the IMPAVID system implements additional requirements and a visual environment to support data-driven, assisted, and interactive parameter configuration during IMP compliance assessment. We validate our system by presenting a comprehensive case study based on a publicly available dataset, which includes real IMP log data from an IT company. It shows the system’s capabilities to perform IMP compliance assessment while dynamically configuring the parameters of the proposed compliance cost model, enabling more effective and efficient analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Graphics-Uk 工程技术-计算机：软件工程

CiteScore

5.30

自引率

12.00%

发文量

173

审稿时长

38 days

期刊介绍： Computers & Graphics is dedicated to disseminate information on research and applications of computer graphics (CG) techniques. The journal encourages articles on: 1. Research and applications of interactive computer graphics. We are particularly interested in novel interaction techniques and applications of CG to problem domains. 2. State-of-the-art papers on late-breaking, cutting-edge research on CG. 3. Information on innovative uses of graphics principles and technologies. 4. Tutorial papers on both teaching CG principles and innovative uses of CG in education.