
SPHINX Functional Requirements and Guidelines: PART V

Continued from PART IV

 

SPHINX shall enable the categorisation of cyber events and potential cyber-attacks.

The SPHINX Platform shall have the capability to categorise cyber events and potential cyber-attacks, based on the significance of those potential cyber incidents, following specific user behaviour (determined by the user’s role and duties concerning the operation of the IT ecosystem). Overall, this capability supports the users’ decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks. The knowledge base behind this categorisation should be updatable using common security information exchange formats, such as STIX.

IT Domain: Applications

Cyber Security Management Cycle: Identify. Detect.

 

SPHINX shall provide patterns of cyber security incidents.

The SPHINX Platform shall have the capability to acknowledge, recognise, identify and analyse the patterns of cyber security incidents (attempted and successful cyber-attacks). The SPHINX Platform shall have the capability to gather information from external data sources regarding attack patterns and the related components that could be affected by them. All these patterns shall be efficiently visualised and presented to the users, prompting them to take action. Overall, these capabilities support the users’ decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications

Cyber Security Management Cycle: Detect. Respond.

 

SPHINX shall generate forecasts of cyber security incidents and their associated consequences.

The SPHINX Platform shall have the capability to generate forecasts (near-future timeframe) of cyber security incidents and consider their potential impact on the IT ecosystem. Overall, these capabilities contribute to the SPHINX forecasted cyber risk analyses and assessments and support the users’ cyber security awareness and decision-making with respect to the prevention of cyber threats.

IT Domain: Applications

Cyber Security Management Cycle: Identify.

 

SPHINX shall implement forensic mechanisms to investigate cyber incidents.

The SPHINX Platform shall have the capability to implement forensic analysis mechanisms to investigate cyber incidents and associated compromised or affected assets, thus producing a meaningful, reliable and valid chain of evidence that supports appropriate system responses. Overall, this capability supports the users’ cyber security awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications

Cyber Security Management Cycle: Detect. Respond.

 

SPHINX shall facilitate the collection of evidence concerning cyber incidents.

The SPHINX Platform shall include specialised auditing and logging mechanisms that facilitate the collection of evidence concerning cyber incidents, in order to support the forensic investigation of suspected or confirmed data breaches. Overall, this capability supports the users’ cyber security awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications

Cyber Security Management Cycle: Protect.

 

SPHINX shall collect log entries of security incidents and threats in a privacy-aware manner.

The SPHINX Platform shall collect log entries of security incidents and threats to support investigation and analysis of incident-related information and data from different patterns and contexts in a privacy-aware manner. Overall, this capability supports the users’ cyber security awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications. Security/Privacy.

Cyber Security Management Cycle: Protect.

 

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.8 that is publicly available here.