Security and Business Situational Awareness

“Security needs to be aligned with business”. Business situational awareness is the ability to continually monitor ongoing actions and events related to business operations and estimate the immediate and close-future impact of the new information. This ability is crucial for business continuity and should encompass all associated aspects. Considering the growing dependability of businesses on IT on the one hand, and ever increasing threats on the other, IT security aspects should get adequate attention in the awareness system. We present an approach to raise business situational awareness using an advanced method of predictive security analysis at runtime. It continually observes a system’s event stream to find deviations from specified behavior and violations of security compliance rules. Operational models of the key processes are utilized to predict critical security states, evaluate possible countermeasures, and trigger corrective actions. A security information model maintains the security strategy and explains possible deviations from the originating goal. The approach is demonstrated on an industrial scenario from a European research project.