About the Project

Project description

Este proyecto surge del Trabajo de Fin de Máster (TFM) del Master en Ciberseguridad, titulado «Metodología para la implementación de un SIEM open-source robusto en organizaciones de la Administración Pública»

The main objective of the research is to develop a detailed methodology for implementing a robust open-source SIEM (Security Information and Event Manager) in government organizations. Using innovative approaches and open-source tools, it seeks to improve public sector entities' cybersecurity posture and protect critical infrastructures and citizens' data.

Background

These studies are essential because they explore how implementing open-source tools in public organizations with budget constraints and limited resources can be critical to addressing cybersecurity challenges in Latin America and the Caribbean (LAC). Given technology's growing role in government management, understanding how these tools can strengthen cyber defenses and protect critical data is essential to ensuring security and trust in digital services.

Implementing a Robust Open-Source SIEM: A Methodology for Strengthening Public Sector Cyber Defense

This study presents a methodology for implementing an open-source tool to strengthen cyber defense in response to growing cybersecurity challenges in public administration. It highlights the advantages of open-source software in terms of cost and flexibility, especially given the budgetary constraints and lengthy administrative processes that hinder technology adoption in many LAC countries. In addition to implementation, other open-source solutions are integrated to extend cybersecurity capabilities, thus providing a holistic approach to addressing threats in the digital environment.

Read more

Resource 1: Glossary

The glossary defines key cybersecurity terms for implementing SIEM (Security Information and Event Management). 

Read more

Resource 2: Manual

The user manual provides detailed instructions and case studies for using the open-source SIEM. Its clear and straightforward steps guide users through monitoring and managing the SIEM to strengthen cyber defense.

Read more

Resource 3: Guide

The practical guide provides a step-by-step approach to implementing Wazuh SIEM in government organizations. From scope definition to integration with other tools, this guide provides detailed guidance to ensure a robust, sustainable, and successful implementation of open-source SIEM.

Read more

General Objective

This project aims to improve organizations' cybersecurity posture for detection, response, and protection against cyber threats by creating a methodology for implementing an effective open-source SIEM tool.

Specific Objectives

1. Research current best practices and approaches to implementing SIEM systems, including using resources such as a glossary to ensure an understanding of key terms.

2. Design a detailed methodology that covers the entire process, from planning and integration to ongoing management of an open-source SIEM in organizations. The methodology should include developing resources such as a user manual and a guide to facilitate the tool's operation and configuration.

3. Test and validate the proposed methodology in simulated and real-world environments to evaluate its effectiveness and feasibility in different organizational contexts, using resources such as a comprehensive guide to orient the process.

4. Provide specific recommendations to improve the implementation and management of open-source SIEM, emphasizing resource optimization and leveraging existing resources.

Findings and Results Achieved

Implementing a Robust Open-Source SIEM: A Methodology for Strengthening Public Sector Cyber Defense

  • The project proposes a sound methodology for implementing a robust open-source SIEM in public organizations, highlighting Wazuh as the most suitable tool.
  • The proposed methodology prioritizes defining the scope and requirements for deploying the tool within any organization's infrastructure.
  • Se destaca la optimización del SIEM Wazuh como una «herramienta robusta» mediante la integración de otras soluciones de código abierto que añaden capacidades adicionales de ciberseguridad. Esta estrategia enfatiza la importancia de mejorar sistemas existentes en lugar de crear nuevos, lo que contribuye a una solución más sostenible a largo plazo.
  • The importance of training the cybersecurity team for proactive detection and response is stressed.

Resource 1: Glossary

  • The glossary clarifies technical cybersecurity terms, making them accessible to all users.
  • It promotes a common language within the project, facilitating collaboration and information sharing.
  • The digital format of the glossary makes it easily accessible to all users, anytime, anywhere.

Resource 2: Manual

  • The user manual covers all functionalities of the open-source SIEM, guiding users on its correct operation.
  • Use case examples to help users understand how to apply SIEM functionalities in real situations.
  • The manual presents clear and concise instructions, facilitating its use by users with different levels of technical experience.

Resource 3: Guide

  • It facilitates fast and efficient implementation of the open-source SIEM, even for users with limited technical experience.
  • The guide equips users to configure a robust SIEM that can be adapted to address their organization's specific security challenges.
  • The guide facilitates the integration of the SIEM with other existing security tools, maximizing its potential.

Impact and Conclusions

The research findings demonstrate that the proposed methodology for implementing an open-source SIEM, supported by complementary resources, can significantly improve cybersecurity in public sector organizations.

By highlighting the importance of collaboration and efficient use of resources, the proposed methodology avoids duplication of effort and fosters the creation of long-term sustainable solutions.

The resources provided, such as the glossary of terms, user manual, and practical guide, facilitate the understanding and use of SIEM, enabling organizations to take full advantage of its capabilities.

This study empowers public organizations by offering a comprehensive roadmap to successfully implement an open-source SIEM, bolstering their defenses against cyber threats and enhancing the protection of critical information.

EN
EN ES