Skip to main content
SpringerLink
Log in

Enhancing Enterprise IT Security with a Visualization-Based Process Framework

  • Conference paper
  • First Online:
Security in Computing and Communications (SSCC 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1208))

Included in the following conference series:

  • 594 Accesses

Abstract

This work presents a process framework for security visualization that supports organizational knowledge generation, improves the usability of IT operative tasks, and improves the manageability of data and devices. The framework, as it was built, and how it can be used is described. The framework provides detailed instructions, makes the current status of the environment visible, and demands participation from stakeholders. With this concept, the quality of the used data is improved systematically, and also the overall IT security level of the organization. It consists of a visualization process (ask, manage data, visualize, interact) and a data management process (define data, acquire data, analyze data, ensure data quality, dispose or reuse data). This is illustrated with a proof of concept process run on vulnerability management. Besides, an implementation guide is provided in order to support the adaption of the process framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Common Vulnerabilities and Exposures (CVE).

  2. 2.

    Common Vulnerability Scoring System (CVSS).

References

  • Fry, B.J.: Computational Information Design. Massachusetts Institute of Technology (2004)

    Google Scholar 

  • Ware, C.: Information Visualization: Perception for Design. Morgan Kaufmann Publishers Inc., San Francisco (2004)

    Google Scholar 

  • Burkhard, R.A.: Knowledge Visualization: The Use of Complementary Visual Representations for the Transfer of Knowledge. ETH Zürich, Zürich (2005)

    Google Scholar 

  • Marty, R.: Applied Security Visualization. Addison-Wesley Professional, Boston (2008)

    Google Scholar 

  • Balakrishnan, B.: Security Data Visualization. SANS Institute InfoSec Reading Room, October 2015

    Google Scholar 

  • Hanauer, T., Metzger, S.: Stakeholder Specific Visualization and Automated Reporting of Network Scanning Results applying Vis4Sec. 11. DFN-Forum Kommunikationstechnologien, Günzburg, Germany (2018a)

    Google Scholar 

  • Hanauer, T., Hommel, W., Metzger, S., Pöhn, D.: A process framework for stakeholder-specific visualization of security metrics. In: Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 2018b

    Google Scholar 

  • Hanauer, T., Hommel, W., Wüstner, Ch.: VESPER – a tool for managing Vulnerabilities and Exploits in Software with Portscan-Endorsed Results. Sicherheit in vernetzten Systemen: 26. DFN-Konferenz (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Leibniz Supercomputing Centre, Boltzmannstr. 1, Garching n. Munich, Germany

    Tanja Hanauer

  2. Bundeswehr University Munich, Werner-Heisenberg-Weg 39, Neubiberg, Germany

    Wolfgang Hommel

Authors
  1. Tanja Hanauer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wolfgang Hommel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tanja Hanauer .

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management, Trivandrum, India

    Sabu M. Thampi

  2. University of Murcia, Espinardo, Murcia, Spain

    Gregorio Martinez Perez

  3. University of Queensland, Brisbane, QLD, Australia

    Ryan Ko

  4. Howard University, Washington, DC, USA

    Danda B. Rawat

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hanauer, T., Hommel, W. (2020). Enhancing Enterprise IT Security with a Visualization-Based Process Framework. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_18

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-4825-3_18

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-4824-6

  • Online ISBN: 978-981-15-4825-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation