Cybersecurity Operations Center Management System
Date
2018
Authors
Cruz, Philraymond Henry I
Abstract
The CyberSecurity Operations Center Management System (CSOCMS) is a knowledge-based system currently used by the cybersecurity analysts of IBM Philippines for their client. The analysts use CSOCMS as a data repository for their analysis of every information security-related incident that comes from IBM's QRadar SIEM (Security Information and Event Management) and Maximo.
CSOCMS was developed to replace the use of a spreadsheet application as a knowledge base. As proven by the analysts, CSOCMS was able to prevent human errors when inputting analytical data into the system. It also improved the handling, storing, and archiving of data that can be used to cross-reference new security incidents. Moreover, CSOCMS helped the analysts easily identify common threats by providing intelligent feeds, which are also drawn from the inputted analytical data. Lastly, CSOCMS allows the analysts to extract this data for use in their reports.
CSOCMS was developed as a web application, with PHP as its backend and MySQL as its database. JavaScript and HTML were used for its frontend design. The spiral process model was used during development of the system to ensure that the client's requirements were met.