INTEGRATION OF AUTOMATED SOLUTIONS INTO THE INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON THE APPLICATION OF SIEM TECHNOLOGIES
Abstract
The theoretical, scientific-methodological and organizational-functional foundations of using SIEM systems in information security management are considered. Modern approaches to information security management and incident investigation are identified. Methodological approaches to forming the concept of how SIEM systems function in information security management are presented. The stages of solving the scientific and practical problem of raising the security level of information systems by using SIEM systems in information security management are proposed. Under modern conditions of rapid development of digital technologies and global digitalization, the issue of ensuring information security is becoming particularly relevant. Every year the number of cyber threats grows, and they become more complex, coordinated and targeted, which in turn creates new challenges for enterprises, government agencies and the private sector. In this context, the formation of an effective information security management system (ISMS) is not only a technical but also a strategic necessity for any organization. An ISMS built in accordance with international standards, in particular ISO/IEC 27001, provides a holistic risk management policy, controls access to critical information assets and makes it possible to form a security culture in the organizational environment. At the same time, traditional approaches to organizing information security are increasingly proving insufficiently effective in a dynamic threat landscape. One of the main problems is the fragmentation of protection measures, which leads to the loss of a holistic picture of security events in the organization. Delays in responding to incidents, caused mainly by manual processing of information, as well as risks associated with the human factor (errors, bias, oversights), significantly reduce the effectiveness of the protection system.
Therefore, there is a growing need to integrate automated solutions that can ensure timely detection, analysis and response to cyber threats with minimal human involvement. In this context, SIEM (Security Information and Event Management) technologies are becoming increasingly widespread: they combine the collection, normalization, correlation and analysis of information security events with the ability to detect anomalies and respond to incidents automatically. Integrating SIEM into the information security management system makes it possible to create a single information and analytical center that provides continuous monitoring and control of the security status in real time. The purpose of the article is to study the possibilities of integrating automated solutions based on SIEM technologies into the ISMS, taking into account current challenges, practical aspects of implementation and the potential advantages of such an approach. The study analyzed the architectural and functional features of SIEM systems, determined their role in reducing the impact of the human factor and accelerating the detection of and response to incidents, and also considered the prospects for further development of SIEM in combination with artificial intelligence technologies and automated SOAR (Security Orchestration, Automation and Response) platforms. The article aims to reveal the innovative potential of automation in the field of information security and to substantiate the feasibility of implementing such solutions in organizations of various scales.
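As an added illustration (not code from the article), the following Python sketch shows the collect, normalize, correlate pipeline the abstract describes: events from two constructed log sources (sshd syslog lines and a Windows-style logon CSV) are mapped onto one common schema, and a single correlation rule flags repeated failed logons from one source address followed by a successful logon, which a SIEM would raise as an incident for the ISMS response process. The source names, event formats and thresholds are assumptions for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events from two log sources: Linux sshd syslog lines and a
# Windows-style CSV export (event ID 4625 = failed logon, 4624 = successful logon).
RAW_EVENTS = [
    ("syslog", "2024-03-01T10:00:01 host1 sshd[2201]: Failed password for admin from 203.0.113.5 port 5222 ssh2"),
    ("syslog", "2024-03-01T10:00:04 host1 sshd[2201]: Failed password for admin from 203.0.113.5 port 5223 ssh2"),
    ("syslog", "2024-03-01T10:00:09 host1 sshd[2201]: Failed password for admin from 203.0.113.5 port 5224 ssh2"),
    ("winlog", "2024-03-01T10:00:40,host2,4625,admin,203.0.113.5"),
    ("winlog", "2024-03-01T10:01:10,host2,4624,admin,203.0.113.5"),
    ("syslog", "2024-03-01T10:05:00 host1 sshd[2300]: Accepted password for bob from 198.51.100.9 port 6000 ssh2"),
]

SSH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")

def normalize(source, line):
    """Map a raw line from either source onto one common event schema (None if unparsed)."""
    if source == "syslog":
        m = SSH_RE.match(line)
        if not m:
            return None  # unparsed lines are dropped rather than guessed at
        ts, host, verdict, user, ip = m.groups()
        outcome = "failure" if verdict == "Failed" else "success"
    else:  # winlog CSV layout assumed as: ts,host,event_id,user,src_ip
        ts, host, event_id, user, ip = line.split(",")
        outcome = {"4625": "failure", "4624": "success"}.get(event_id)
        if outcome is None:
            return None
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user, "src_ip": ip, "outcome": outcome}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures from one source IP inside `window` are followed by a success."""
    alerts = []
    by_ip = {}  # src_ip -> timestamps of recent failures, across all hosts and sources
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = by_ip.setdefault(ev["src_ip"], [])
        fails[:] = [t for t in fails if ev["ts"] - t <= window]  # slide the time window
        if ev["outcome"] == "failure":
            fails.append(ev["ts"])
        elif len(fails) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": ev["src_ip"], "user": ev["user"],
                           "host": ev["host"], "failures": len(fails), "ts": ev["ts"]})
            fails.clear()  # one incident per burst
    return alerts

def run_pipeline(raw_events=RAW_EVENTS):
    normalized = [e for e in (normalize(s, l) for s, l in raw_events) if e]
    return correlate(normalized)
```

Because failures are keyed by source address rather than by host, the three sshd failures on host1 and the one Windows failure on host2 are counted together, which is the cross-source picture that fragmented per-host tooling loses.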