AUTHOR=Minkevics Vladislavs, Grabis Jānis
TITLE=A capability-driven automated cybersecurity monitoring and response system
JOURNAL=Frontiers in Computer Science
VOLUME=Volume 7 - 2025
YEAR=2025
URL=https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2025.1692263
DOI=10.3389/fcomp.2025.1692263
ISSN=2624-9898
ABSTRACT=Organizations face a variety of cybersecurity threats, and the implementation of security management solutions is a challenging task. This study proposes to implement such solutions in an incremental manner, starting with key requirements and adding new modules as necessary. A set of key requirements with a focus on cybersecurity threat monitoring and response automation is identified. The capability-driven approach is used to describe these requirements in a structured manner. That enables organizations to identify required security management capabilities in alignment with organizational goals. A cybersecurity monitoring and response system is developed on the basis of the capability model. The system uses machine learning models to identify cybersecurity threats, and appropriate response mechanisms are invoked to deal with the threats. It is shown that the selection of the right adjustments defined in the capability model significantly affects cybersecurity management efficiency. The use of machine learning models also allows the system to adapt to handling new cybersecurity threats. The cybersecurity monitoring and response system is compared with the state-of-the-art commercial systems, and it is shown to achieve a comparable performance while providing a higher level of flexibility.