CS 5150: Software Engineering
Spring 2018

Project Suggestion: Security Metrics

Client

Wyman Miles, Chief Information Security Officer, Cornell University
Email: <wm63@cornell.edu>
Telephone: 607-255-8421

Student contact

Kirk Thaker, <kt485@cornell.edu>, is setting up a team for this project. If you are interested in joining the team, please contact him.

Problem Statement

This project is for Cornell's IT Security Office. The overall goal is to take a variety of data sources, consolidate them, and deliver worthwhile analytics to a lay audience.

The IT Security Office has considerable data that can potentially describe the university’s security posture, known and unknown threats, and the value or effectiveness of certain detective or preventative activities, and that can contribute to more transparent and effective use of limited university resources. To provide some context, questions that could be explored include:

  • Are different groups within our community more frequently targeted by or susceptible to Internet fraud?
  • How frequently does the university experience various types of attacks?
  • Does attack success correlate with specific safeguards (admin/technical/physical protective measures), and which controls are the best investment?
  • Which colleges or departments are victimized more often?

To answer these questions, we need to be able to draw in a variety of data sources from many different technology environments (Remedy, PeopleSoft, homegrown (SQL), Splunk, raw logs (fixed-field text), etc.), transform the data into standard elements, perform analysis, then present the results in a clear manner suitable for a lay audience.

Requirement

The solution must:

  • Use off-the-shelf tools supported by CIT (WhereScape, Oracle, Tableau, etc.),
  • Be extensible to data sources and metrics not yet defined,
  • Be maintainable by a team with minimal effort, irrespective of technical aptitude,
  • Be documented to facilitate long-term maintenance and support.

Opportunity

One of the fastest-growing, hottest-selling segments of the commercial security products market is tools that give business intelligence information to IT leadership to facilitate risk management activities, resource planning, and reporting, and to demonstrate business value. A successful project that integrates data sources with mainstream visualization and reporting tools has considerable market potential.