Methodology of rational choice of security incident management system for building operational security center
Authors/Creators
- National Technical University of Ukraine "Kyiv Polytechnic Institute named after Igor Sikorsky"
Description
This article discusses the purpose, tasks and composition of the Operational Security Center (SOC). The basic technological tools that a modern, effective SOC should include are indicated. The focus is on the key role of the Information Security Incident Management System (SIEM) within the SOC. The purpose of a SIEM and the main tasks it should solve are reviewed. The peculiarities of the SIEM selection problem are analyzed. The groups of indicators that characterize the degree to which a SIEM fulfills the requirements are highlighted. The application of fuzzy set theory to the processing of expert information on the qualitative indicators characterizing a SIEM is proposed. The SIEM selection problem is formulated and the main stages of its solution are proposed: preparation of initial data; choice of the method for solving the multicriteria problem; algorithm development. A method for normalizing the quantitative SIEM indicators and a paired-comparison method based on rank estimates for processing the qualitative SIEM indicators are proposed. It is proposed to use the 9-point Saaty scale to derive membership functions for the qualitative SIEM values from the processed expert assessments. The algorithm of the considered method is implemented. Methods for solving multicriteria problems are analyzed, and the use of a lexicographic method is proposed for selecting a SIEM for the Security Operations Center (SOC). An algorithm for its implementation has been developed. To illustrate the operation of the proposed algorithm, an example of applying it to choose a rational SIEM option is given. Recommendations for applying the results obtained are offered.
Files
- ceur-ws_2577.pdf (419.7 kB), md5:7c1a663a4d4f13b505738c628b937ab7
Additional details
Related works
- Is published in
- Conference paper: http://ceur-ws.org/Vol-2577/paper2.pdf (URL)
References
- Information Technologies and Security: selected papers of the XIX International Scientific and Practical Conference (Kyiv, 28 November 2019). CEUR Workshop Proceedings, Vol. 2577. Aachen, Germany, pp. 11–20.