SecSAGE: NIST Cybersecurity Framework Visualization on SAGE2
Abstract
Cybersecurity has been an area of great interest for organizations, given the significance of data and the increasing number of cybersecurity threats. The National Institute of Standards and Technology (NIST) has developed a cybersecurity framework intended for voluntary use by critical infrastructure owners and operators. Its primary purpose is to aid in the effective management of cybersecurity risks. This framework, like many other security standards, comprises a substantial volume of textual information that can be challenging to grasp comprehensively in a limited timeframe. In response to this challenge, we designed and developed an interactive visualization of the NIST Cybersecurity Framework using the SAGE2 platform. Our objective is to facilitate a better understanding of the framework. In addition, using SAGE2 enhances collaborative working. In our project, we analyze the content of the NIST document and map the framework's five core functions into a rich visualization workflow. Each function includes categories, sub-categories, and references that users can interactively explore. Our experiments show that our visualization helps participants correctly find information about the NIST Cybersecurity Framework faster than manually searching the document. Across all tasks, participants completed the tasks around 4.25 times faster on average than with the manual method.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.