International Journal of Science and Research (IJSR)
ISSN (Online): 2319-7064
Index Copernicus Value (2016): 79.57 | Impact Factor (2015): 6.391
Volume 6 Issue 11, November 2017
www.ijsr.net
Licensed Under Creative Commons Attribution CC BY

Decision Support System for Selection and Ranking Security Alternatives

Khaled Abdulkareem Alenezi 1, Imad Fakhri Al-Shaikhli 2, Sufyan Salim Mahmood AlDabbagh 3, Tami Alzabi 4

1 Central Agency for Information Technology, Kuwait
2 Department of Computer Science, International Islamic University of Malaysia, 53100 Jalan Gombak, Kuala Lumpur, Malaysia
3 University of Mosul
4 Project House, Kuwait

Abstract: Nowadays, there is a wide range of hardware and software alternatives available in the market; this creates a complex problem for agency decision makers who have to select the best tools, software and hardware. When it comes to information security, alternative selection has become one of the most important issues. During network security design, a number of hardware and software components need to be selected in order to realise the required design. This design should increase both security and the acceptance of the decision makers. Selection of software and hardware is classified as a daily multi-attribute problem with conflicting criteria. Performance, reliability, usability and other features play important roles in the selection process. In this paper, we propose a framework for security tool selection using a hybrid of TOPSIS and AHP: AHP is used to calculate the criteria weights, while TOPSIS is used with the calculated weights to rank the available security hardware and/or software alternatives. According to the ranking result, the decision maker can select the best alternative with respect to his/her preference.

Keywords: AHP, TOPSIS, SIEM

1. Introduction

Security Information and Event Management (SIEM) automates incident management (identification and resolution) based on built-in business rules to improve compliance. SIEM is used to fulfil compliance requirements and also to be aware of real-time internal and external threats [1]. SIEM integrates Security Information Management (SIM) and Security Event Management (SEM). SIEM technology delivers real-time analysis of the security alerts generated by network hardware and applications. SIM provides long-term storage, reporting and analysis of log data, while SEM deals with real-time monitoring, notifications, security devices, correlation of events, applications, and systems [2, 3]. By combining SIM and SEM, SIEM provides real-time analysis and correlation. According to [3], SIEM technology is usually used for three primary purposes: (1) compliance: log management and creating reports for compliance purposes; (2) threat management: real-time monitoring of user activity, data access and application activity, and incident management; (3) a deployment that provides a combination of compliance and threat management capabilities. To perform its functions efficiently and effectively, a SIEM tool requires integration and pre-deployment with numerous security devices; it also needs reporting data from a firewall, an authentication service (LDAP, AAA, etc.) and IDS sensors, and vulnerability scan data must be integrated during the incident handling phase. Correlation and operational efficiency gains are used in the identification phase [4]. SIEM identifies security events in real time by correlating input data. The input data received by a SIEM system is usually in textual format [5].
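The hybrid procedure summarised in the abstract (AHP to derive criteria weights, TOPSIS to rank the alternatives with those weights), as an added worked example that is not the paper's own code: the pairwise judgments, the three hypothetical SIEM products and their scores on performance, reliability and usability are all constructed values, and the consistency-ratio check is Saaty's standard threshold rather than anything the paper specifies.

```python
import math

# Constructed pairwise-comparison matrix (Saaty 1-9 scale) over the three
# criteria the abstract names: performance, reliability, usability.
CRITERIA = ["performance", "reliability", "usability"]
PAIRWISE = [[1, 3, 5], [1 / 3, 1, 3], [1 / 5, 1 / 3, 1]]
# Constructed decision matrix: hypothetical SIEM products scored 1-10 on each
# criterion; higher is better everywhere, so all three are benefit criteria.
ALTERNATIVES = ["SIEM-A", "SIEM-B", "SIEM-C"]
SCORES = [[8, 7, 6], [6, 9, 8], [9, 5, 7]]
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's RI values

def ahp_weights(pairwise):
    """AHP: criteria weights plus consistency ratio from a pairwise matrix."""
    n = len(pairwise)
    # Geometric-mean approximation of the principal eigenvector, normalised to 1
    gm = [math.prod(row) ** (1 / n) for row in pairwise]
    w = [g / sum(gm) for g in gm]
    # lambda_max from A*w, then CI = (lambda_max - n)/(n - 1) and CR = CI/RI
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lam_max - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0
    return w, cr

def topsis(scores, weights):
    """TOPSIS: closeness coefficient per alternative (1.0 = ideal solution)."""
    m, n = len(scores), len(weights)
    col_norm = [math.sqrt(sum(scores[i][j] ** 2 for i in range(m))) for j in range(n)]
    v = [[scores[i][j] / col_norm[j] * weights[j] for j in range(n)] for i in range(m)]
    ideal = [max(v[i][j] for i in range(m)) for j in range(n)]  # best per criterion
    anti = [min(v[i][j] for i in range(m)) for j in range(n)]   # worst per criterion
    dist = lambda row, ref: math.sqrt(sum((a - b) ** 2 for a, b in zip(row, ref)))
    return [dist(r, anti) / (dist(r, ideal) + dist(r, anti)) for r in v]

def rank_alternatives(pairwise=PAIRWISE, scores=SCORES, names=ALTERNATIVES):
    """Hybrid: AHP weights feed TOPSIS. Returns (names best-first, {name: CC})."""
    w, cr = ahp_weights(pairwise)
    if cr > 0.10:  # Saaty's threshold: judgments too inconsistent to rank on
        raise ValueError(f"pairwise judgments inconsistent (CR={cr:.2f} > 0.10)")
    cc = topsis(scores, w)
    order = [name for _, name in sorted(zip(cc, names), reverse=True)]
    return order, dict(zip(names, cc))

if __name__ == "__main__":
    print("AHP weights:", dict(zip(CRITERIA, ahp_weights(PAIRWISE)[0])))
    print("TOPSIS ranking:", rank_alternatives())
```

With these sample judgments performance carries about 64% of the weight, so SIEM-C (strongest on performance) narrowly outranks SIEM-A, and an intransitive pairwise matrix is rejected before any ranking is produced.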
There are four main functions of SIEM tools: (1) log consolidation: centralised logging to a server; (2) threat correlation: artificial intelligence used to search through multiple logs and log entries to identify attackers; (3) incident management: used from identification through to eradication of the threat; this function includes notifications, automated responses, and response and remediation logging; (4) reporting: reporting on operational efficiency and effectiveness, and on compliance (SOX, HIPAA, FISMA, etc.) [4].

2. Literature Review

According to the researchers' observations, very little work has been done on developing a decision-making framework comprising a methodology for selecting software packages, criteria for evaluating software packages, and a technique for evaluating software packages (Jadhav and Sonar, 2009). In addition, there is a need for a system/tool with built-in knowledge of software evaluation criteria and evaluation techniques, which can assist decision makers not only in software selection but also increase efficiency and bring consistency and transparency to the process of software selection. Although functional criteria for software selection differ between software packages, other criteria related to quality, cost and benefits, vendor, hardware and software requirements, the opinions of different stakeholders about the software package, and the output characteristics of the software package are common and can be used to evaluate any software package [6].

Paper ID: ART20178335 DOI: 10.21275/ART20178335 1534