{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T20:47:56Z","timestamp":1762980476117,"version":"build-2065373602"},"reference-count":51,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2017,11,23]],"date-time":"2017-11-23T00:00:00Z","timestamp":1511395200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Systems"],"abstract":"<jats:p>Cyber-attacks have increased in severity and complexity. That requires, that the CERT\/CSIRT research and develops new security tools. Therefore, our study focuses on the design of an integral model based on Business Intelligence (BI), which provides reactive and proactive services in a CSIRT, in order to alert and reduce any suspicious or malicious activity on information systems and data networks. To achieve this purpose, a solution has been assembled, that generates information stores, being compiled from a continuous network transmission of several internal and external sources of an organization. However, it contemplates a data warehouse, which is focused like a correlator of logs, being formed by the information of feeds with diverse formats. Furthermore, it analyzed attack detection and port scanning, obtained from sensors such as Snort and Passive Vulnerability Scanner, which are stored in a database, where the logs have been generated by the systems. With such inputs, we designed and implemented BI systems using the phases of the Ralph Kimball methodology, ETL and OLAP processes. In addition, a software application has been implemented using the SCRUM methodology, which allowed to link the obtained logs to the BI system for visualization in dynamic dashboards, with the purpose of generating early alerts and constructing complex queries using the user interface through objects structures. The results demonstrate, that this solution has generated early warnings based on the level of criticality and level of sensitivity of malware and vulnerabilities as well as monitoring efficiency, increasing the level of security of member institutions.<\/jats:p>","DOI":"10.3390\/systems5040052","type":"journal-article","created":{"date-parts":[[2017,11,23]],"date-time":"2017-11-23T11:15:47Z","timestamp":1511435747000},"page":"52","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["An Integral Model to Provide Reactive and Proactive Services in an Academic CSIRT Based on Business Intelligence"],"prefix":"10.3390","volume":"5","author":[{"given":"Walter","family":"Fuertes","sequence":"first","affiliation":[{"name":"Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Av. General Rumi\u00f1ahui, S\/N, Sangolqui 171-5-231-B, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Francisco","family":"Reyes","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Av. General Rumi\u00f1ahui, S\/N, Sangolqui 171-5-231-B, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pa\u00fal","family":"Valladares","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Av. General Rumi\u00f1ahui, S\/N, Sangolqui 171-5-231-B, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Freddy","family":"Tapia","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Av. General Rumi\u00f1ahui, S\/N, Sangolqui 171-5-231-B, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Theofilos","family":"Toulkeridis","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Universidad de las Fuerzas Armadas ESPE, Av. General Rumi\u00f1ahui, S\/N, Sangolqui 171-5-231-B, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ernesto","family":"P\u00e9rez","sequence":"additional","affiliation":[{"name":"Corporaci\u00f3n Ecuatoriana para el Desarrollo de la Investigaci\u00f3n y la Academia, La Condamine 12-109, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2017,11,23]]},"reference":[{"unstructured":"Wamala, F. (2011). ITU National Cybersecurity Strategy Guide, International Telecommunications Union.","key":"ref_1"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/MSP.2014.89","article-title":"Computer security incident response team development and evolution","volume":"12","author":"Ruefle","year":"2014","journal-title":"IEEE Secur. Priv."},{"key":"ref_3","first-page":"61","article-title":"Computer security incident handling guide","volume":"800","author":"Cichonski","year":"2012","journal-title":"NIST Spec. Publ."},{"key":"ref_4","first-page":"150","article-title":"Guide to cyber threat information sharing","volume":"800","author":"Johnson","year":"2016","journal-title":"NIST Spec. Publ."},{"unstructured":"Watkins, B. (2017, September 22). The Impact of Cyber-Attacks on the Private Sector. Available online: http:\/\/www.amo.cz\/wp-content\/uploads\/2015\/11\/amocz-BP-2014-3.pdf.","key":"ref_5"},{"doi-asserted-by":"crossref","unstructured":"Sandberg, A.B., and Crnkovic, I. (2017, January 20\u201328). Meeting industry: Academia research collaboration challenges with agile methodologies. Proceedings of the 39th International Conference on Software Engineering, Buenos Aires, Argentina.","key":"ref_6","DOI":"10.1109\/ICSE-SEIP.2017.20"},{"unstructured":"Freet, D., and Agrawal, R. (April, January 30). A virtual machine platform and methodology for network data analysis with IDS and security visualization. Proceedings of the Southeast Con, Charlotte, NC, USA.","key":"ref_7"},{"doi-asserted-by":"crossref","unstructured":"Wedgbury, A., and Jones, K. (2015, January 17\u201318). Automated asset discovery in industrial control systems: Exploring the problem. Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research, British Computer Society, Ingolstadt, Germany.","key":"ref_8","DOI":"10.14236\/ewic\/ICS2015.8"},{"doi-asserted-by":"crossref","unstructured":"Kimball, R., Ross, M., Becker, B., Mundy, J., and Thornthwaite, W. (2015). The Kimball Group Reader: Relentlessly Practical Tools for Data Warehousing and Business Intelligence Remastered Collection, John Wiley & Sons.","key":"ref_9","DOI":"10.1002\/9781119228912"},{"doi-asserted-by":"crossref","unstructured":"Power, D.J., and Sharda, R. (2009). Decision Support Systems. Springer Handbook of Automation, Springer.","key":"ref_10","DOI":"10.1007\/978-3-540-78831-7_87"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1145\/2407740.2407741","article-title":"Business intelligence and analytics: Research directions","volume":"3","author":"Lim","year":"2013","journal-title":"ACM Trans. Manag. Inf. Syst."},{"doi-asserted-by":"crossref","unstructured":"Pipyros, K., Thraskias, C., Mitrou, L., Gritzalis, D., and Apostolopoulos, T. (2017). A new strategy for improving cyber-attacks evaluation in the context of Tallinn Manual. Comput. Secur.","key":"ref_12","DOI":"10.1016\/j.cose.2017.04.007"},{"doi-asserted-by":"crossref","unstructured":"Rajasekharaiah, K.M., Dule, C.S., and Srimani, P.K. (2016, January 3\u20135). CRSA cryptosystem based secure data mining model for business intelligence applications. Proceedings of the International Conference on Electrical, Electronics and Optimization Techniques (ICEEOT), Chennai, India.","key":"ref_13","DOI":"10.1109\/ICEEOT.2016.7754812"},{"doi-asserted-by":"crossref","unstructured":"Valladares, P., Fuertes, W., Tapia, F., Toulkeridis, T., and P\u00e9rez, E. (2017, January 9\u201312). Dimensional data model for early alerts of malicious activities in a CSIRT. Proceedings of the 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, WA, USA.","key":"ref_14","DOI":"10.23919\/SPECTS.2017.8046771"},{"unstructured":"Yang, J., Ryu, D., and Baik, J. (2016, January 18\u201320). Improving vulnerability prediction accuracy with secure coding standard violation measures. Proceedings of the 2016 International Conference on Big Data and Smart Computing (BigComp), Hong Kong, China.","key":"ref_15"},{"doi-asserted-by":"crossref","unstructured":"Macas, M., Lagla, L., Fuertes, W., Guerrero, G., and Toulkeridis, T. (2017, January 19\u201321). Data Mining model in the discovery of trends and patterns of intruder attacks on the data network as a public-sector innovation. Proceedings of the 2017 Fourth International Conference on eDemocracy & eGovernment (ICEDEG), Quito, Ecuador.","key":"ref_16","DOI":"10.1109\/ICEDEG.2017.7962513"},{"doi-asserted-by":"crossref","unstructured":"Manuel, J., Cordeiro, R., and Silva, C. (2017, September 05). Between Data Mining and Predictive Analytics Techniques to Cybersecurity Protection on eLearning Environments. Available online: https:\/\/link.springer.com\/chapter\/10.1007\/978-3-319-67621-0_17.","key":"ref_17","DOI":"10.1007\/978-3-319-67621-0_17"},{"key":"ref_18","first-page":"191","article-title":"Cybersecurity: Challenges from a Systems, Complexity, Knowledge Management and Business Intelligence Perspective","volume":"16","author":"Tisdale","year":"2015","journal-title":"Issues Inf. Syst."},{"doi-asserted-by":"crossref","unstructured":"Gabriel, R., Hoppe, T., Pastwa, A., and Sowa, S. (2009, January 1\u20136). Analyzing malware log data to support security information and event management: Some research results. Proceedings of the First International Conference on Advances in Databases, Knowledge and Data Applications, DBKDA\u201909, Gosier, Guadeloupe.","key":"ref_19","DOI":"10.1109\/DBKDA.2009.26"},{"doi-asserted-by":"crossref","unstructured":"Harang, R., and Guarino, P. (November, January 29). Clustering of Snort alerts to identify patterns and reduce analyst workload. Proceedings of the Military Communications Conference, 2012-MILCOM 2012, Orlando, FL, USA.","key":"ref_20","DOI":"10.1109\/MILCOM.2012.6415777"},{"doi-asserted-by":"crossref","unstructured":"Hellwig, O., Quirchmayr, G., Huber, E., Goluch, G., Vock, F., and Pospisil, B. (September, January 31). Major Challenges in Structuring and Institutionalizing CERT-Communication. Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria.","key":"ref_21","DOI":"10.1109\/ARES.2016.57"},{"unstructured":"Bollinger, J., Enright, B., and Valites, M. (2015). Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan, O\u2019Reilly Media, Inc.","key":"ref_22"},{"doi-asserted-by":"crossref","unstructured":"Kruidhof, O. (2014). Evolution of National and Corporate CERTs-Trust, the Key Factor, IOS Press.","key":"ref_23","DOI":"10.3233\/978-1-61499-372-8-81"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/MSP.2014.103","article-title":"The operational role of security information and event management systems","volume":"12","author":"Bhatt","year":"2014","journal-title":"IEEE Secur. Priv."},{"unstructured":"Osorno, M., Millar, T., and Rager, D. (2011). Coordinated Cybersecurity Incident Handling: Roles, Processes and Coordination Networks for Crosscutting Incidents, Laurel Md Applied Physics Lab.","key":"ref_25"},{"doi-asserted-by":"crossref","unstructured":"Qian, Y., Fang, Y., Jaatun, M.G., Johnsen, S.O., and Gonzalez, J.J. (2010, January 5\u20138). Managing emerging information security risks during transitions to Integrated Operations. Proceedings of the 2010 43rd Hawaii International Conference on System Sciences (HICSS), Honolulu, HI, USA.","key":"ref_26","DOI":"10.1109\/HICSS.2010.260"},{"doi-asserted-by":"crossref","unstructured":"Belsis, M.A., Simitsis, A., and Gritzalis, S. (2005). Workflow Based Security Incident Management. Panhellenic Conference on Informatics, Springer.","key":"ref_27","DOI":"10.1007\/11573036_65"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(16)30051-3","article-title":"Knowledge is power: The evolution of threat intelligence","volume":"7","author":"Elmellas","year":"2016","journal-title":"Comput. Fraud Secur."},{"doi-asserted-by":"crossref","unstructured":"Grobler, M., Jacobs, P., and van Niekerk, B. (2016). Cyber Security Centres for Threat Detection and Mitigation. Threat Mitigation and Detection of Cyber Warfare and Terrorism Activities, IGI Global.","key":"ref_29","DOI":"10.4018\/978-1-5225-1938-6.ch002"},{"doi-asserted-by":"crossref","unstructured":"Sharkov, G. (2016, January 24\u201328). From Cybersecurity to Collaborative Resiliency. Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense, Vienna, Austria.","key":"ref_30","DOI":"10.1145\/2994475.2994484"},{"doi-asserted-by":"crossref","unstructured":"Mej\u00eda, J., Mu\u00f1oz, M., Ram\u00edrez, H., and Pe\u00f1a, A. (2016). Proposal of Content and Security Controls for a CSIRT Website. New Advances in Information Systems and Technologies, Springer International Publishing.","key":"ref_31","DOI":"10.1007\/978-3-319-31232-3_40"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ins.2013.10.008","article-title":"Business intelligence in risk management: Some recent progresses","volume":"256","author":"Wu","year":"2014","journal-title":"Inf. Sci."},{"doi-asserted-by":"crossref","unstructured":"Gahi, Y., Guennoun, M., and Mouftah, H.T. (2016, January 27\u201330). Big Data Analytics: Security and privacy challenges. Proceedings of the 2016 IEEE Symposium on Computers and Communication (ISCC), Messina, Italy.","key":"ref_33","DOI":"10.1109\/ISCC.2016.7543859"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1186\/s40537-015-0013-4","article-title":"Intrusion detection and big heterogeneous data: A survey","volume":"2","author":"Zuech","year":"2015","journal-title":"J. Big Data"},{"doi-asserted-by":"crossref","unstructured":"Mahmood, T., and Afzal, U. (2013, January 11\u201312). Security analytics: Big data analytics for cybersecurity: A review of trends, techniques and tools. Proceedings of the Information Assurance (NCIA), Rawalpindi, Pakistan.","key":"ref_35","DOI":"10.1109\/NCIA.2013.6725337"},{"unstructured":"Jaramillo, E., Munier, M., and Aniort\u00e9, P. (2013, January 5). Information Security in Business Intelligence based on Cloud: A Survey of Key Issues and the Premises of a Proposal. Proceedings of the 10th International Workshop on Security in Information Systems, Angers, France.","key":"ref_36"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1016\/j.cose.2012.04.001","article-title":"Incident response teams\u2014Challenges in supporting the organizational security function","volume":"31","author":"Ahmad","year":"2012","journal-title":"Comput. Secur."},{"unstructured":"Kimball, R., and Caserta, J. (2011). The Data Warehouse? ETL Toolkit: Practical Techniques for Extracting, Cleaning, Conforming, and Delivering Data. John Wiley & Sons.","key":"ref_38"},{"unstructured":"Mohd, N., Yunos, Z., Ariffin, A., and Nor, A. (2016, January 8\u20139). CSIRT Management Workflow: Practical Guide for Critical Infrastructure Organizations. Proceedings of the 10th European Conference on Information Systems Management, ECISM 2016, Evora, Portugal.","key":"ref_39"},{"unstructured":"Kimball, R., and Ross, M. (2013). The Data Warehouse Toolkit: The Definitive Guide to Dimensional Modeling, John Wiley & Sons.","key":"ref_40"},{"unstructured":"Schieber, D., and Reid, G. (2004). CSIRT Case Classification (Example for Enterprise CSIRT), Technical Report; FIRST.","key":"ref_41"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1007\/s10758-017-9316-1","article-title":"Give me a customizable dashboard: Personalized learning analytics dashboards in higher education","volume":"22","author":"Roberts","year":"2017","journal-title":"Technol. Knowl. Learn."},{"unstructured":"Bouman, R., and van Dongen, J. (2009). Pentaho Solutions: Business Intelligence and Data Warehousing with Pentaho and MySQL, Wiley Publishing.","key":"ref_43"},{"unstructured":"Sugumaran, V., Sangaiah, A.K., and Thangavelu, A. (2017). Computational Intelligence Applications in Business Intelligence and Big Data Analytics, CRC Press.","key":"ref_44"},{"unstructured":"Mulder, S. (2011). An Action Research Study on the Use of SCRUM to Provide Agility in Data Warehouse Development. [Ph.D. Thesis, University of Pretoria].","key":"ref_45"},{"unstructured":"Goede, R. (2011, January 24\u201326). Agile Data Warehousing: The Suitability of SCRUM as Development Methodology. Proceedings of the 5th IADIS Multi Conference on Computer Science and Information Systems, Rome, Italy.","key":"ref_46"},{"unstructured":"Scholtz, I.I. (2016). Inmon versus Kimball: The Agile Development of a Data Warehouse. [Ph.D. Thesis, North-West University].","key":"ref_47"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1109\/2.947100","article-title":"Agile software development: The business of innovation","volume":"34","author":"Highsmith","year":"2001","journal-title":"IEEE Comput."},{"doi-asserted-by":"crossref","unstructured":"Iqbal, M.H., and Soomro, T.R. (2015). Big data analysis: Apache storm perspective. Int. J. Comput. Trends Technol., 9\u201314.","key":"ref_49","DOI":"10.14445\/22312803\/IJCTT-V19P103"},{"doi-asserted-by":"crossref","unstructured":"Dayarathna, M., Malshan, M., Perera, S., and Jayasinghe, M. (2017, January 19\u201323). Scalable Complex Event Processing on a Notebook. Proceedings of the 11th ACM International Conference on Distributed and Event-Based Systems, Barcelona, Spain.","key":"ref_50","DOI":"10.1145\/3093742.3095093"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1007\/s00450-016-0334-3","article-title":"NoSQL database systems: a survey and decision guidance","volume":"32","author":"Gessert","year":"2017","journal-title":"Comput. Sci. Res. Dev."}],"container-title":["Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-8954\/5\/4\/52\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:51:02Z","timestamp":1760208662000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-8954\/5\/4\/52"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,23]]},"references-count":51,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,12]]}},"alternative-id":["systems5040052"],"URL":"https:\/\/doi.org\/10.3390\/systems5040052","relation":{},"ISSN":["2079-8954"],"issn-type":[{"type":"electronic","value":"2079-8954"}],"subject":[],"published":{"date-parts":[[2017,11,23]]}}}