SPHINX Functional Requirements and Guidelines: PART VII

Continued from PART VI

SPHINX emulated services and systems shall operate in an isolated and safe environment.

The SPHINX Platform shall enable the emulated IT ecosystem services and systems to be isolated from the real IT environment, protecting the latter from being affected by malicious actions or software. The emulated IT ecosystem shall implement security mechanisms for access control. Security checks should be available to detect malicious devices or services deployed in this environment.

IT Domain: IT Hardware Infrastructure. Networking. Applications. Security/Privacy.

Cyber Security Management Cycle: Protect. Detect

SPHINX shall deliver automated alerts including recommendations and response plans related to the systems under attack.

The SPHINX Platform shall automatically alert users whenever a system is under attack. The alert shall include recommendations and treatment plans to support IT's decision-making process. These alerts should be weighed against past alerts and should not be repeated multiple times for the same attack.

IT Domain: Applications

Cyber Security Management Cycle: Detect. Respond

SPHINX shall implement an early warning system with different warning levels.

The SPHINX Platform shall implement an early warning system to notify and alert users of suspicious user or network activity, massive data processing and unusual access patterns. The SPHINX Platform shall establish different warning levels to enable users to easily identify situations referring to vulnerabilities, risks, threats, events, incidents or attacks, as well as to clearly classify the situations worth monitoring or requiring urgent intervention. The notification shall be as clear as possible, also defining the risk level corresponding to the specific incident (e.g. different notifications shall apply in case of a data breach compared to data tampering). Overall, this capability supports the users’ cyber security awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications

Cyber Security Management Cycle: Identify. Protect. Detect

SPHINX shall include contact information of individuals to be alerted in case of cyber security incidents.

The SPHINX Platform shall include a list of individuals to be alerted in case of forecasted, suspected or ongoing cyber security incidents. Alerting mechanisms should include dashboard displays, emails and text messages to ensure appropriate recipients are informed at all times. The alerts shall consider rules such as incident classification and severity type. The SPHINX Platform shall provide this functionality in compliance with the guidelines of the GDPR. Therefore, the list of individuals shall be kept secure. Overall, this capability supports the users’ cyber security awareness and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications

Cyber Security Management Cycle: Respond. Recover

SPHINX shall provide specific means for establishing the authenticity of alerts.

The SPHINX Platform shall establish sound mechanisms to determine the authenticity of the automated alerts or notifications issued by the system to warn the organisation’s IT administrators of imminent, ongoing and forecasted cyber threats, incidents and attacks requiring prompt intervention. As a global rule, alerts should have a traceability ID that can be verified through cryptographic hashes or MACs.

IT Domain: Applications

Cyber Security Management Cycle: Protect
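
The authenticity requirement above, sketched as an added example (not SPHINX project code): each alert carries a traceability ID and an HMAC-SHA256 tag computed over all of its fields, so a recipient holding the shared key can detect a forged or altered alert. The field names, the JSON encoding and the demo key are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import uuid

# Constructed demo key (assumption). A deployment would load a secret from a
# key store and never embed it in source code.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def _canonical(alert: dict) -> bytes:
    """Serialize deterministically so issuer and verifier MAC the same bytes."""
    body = {k: v for k, v in alert.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def issue_alert(key: bytes, category: str, severity: str, message: str) -> dict:
    """Build an alert with a fresh traceability ID and an HMAC-SHA256 tag."""
    alert = {
        "traceability_id": str(uuid.uuid4()),  # hypothetical field name
        "category": category,
        "severity": severity,
        "message": message,
    }
    alert["mac"] = hmac.new(key, _canonical(alert), hashlib.sha256).hexdigest()
    return alert


def verify_alert(key: bytes, alert: dict) -> bool:
    """Accept only alerts that carry an ID and a tag matching every field."""
    tag = alert.get("mac")
    if not isinstance(tag, str) or not alert.get("traceability_id"):
        return False
    expected = hmac.new(key, _canonical(alert), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    # Constructed sample alert.
    alert = issue_alert(DEMO_KEY, "incident", "high", "Unusual access pattern")
    print(alert["traceability_id"], verify_alert(DEMO_KEY, alert))
    # An altered copy (severity changed after issue) no longer verifies.
    altered = dict(alert, severity="low")
    print(verify_alert(DEMO_KEY, altered))
```

Because the tag covers the traceability ID together with the category and severity, changing any one of them invalidates the alert.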

SPHINX shall allow the classification of automated alerts.

The SPHINX Platform shall enable the classification of the automated alerts or notifications issued for imminent, ongoing and forecasted cyber threats, incidents and attacks. The classification scheme shall allow the easy identification of vulnerabilities, risks, threats, events, incidents or attacks, as well as of situations worth monitoring or requiring urgent intervention. The SPHINX Platform shall allow users to filter the registered alerts by category.

IT Domain: Applications

Cyber Security Management Cycle: Protect

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.8 that is publicly available here.