Abstract: A method (200) for use in securing a computing system (416) against a recovery scenario from which the computing system would require recovery. The method comprises: i) obtaining (202) system recovery indicators for the computing system; and ii) predicting (204) a likelihood that the computing system will undergo the recovery scenario from the system recovery indicators using a model trained using a machine learning process that takes as input the system recovery indicators.

Abstract: A method is implemented by a security service orchestration function (SSOF) in a communication infrastructure, that includes a plurality of PLMNs and a plurality of enterprises, for orchestration of a security service level agreement (S-SLA). The method includes receiving, by a SSOF in a HPLMN, a S-SLA request from one or more of the enterprises. Each S-SLA request includes a plurality of requirements. The HPLMN corresponds to one of the plurality of PLMNs. The method also includes converting each S-SLA request into a consistent and unified S-SLA offerable to each enterprise. The consistent and unified S-SLA includes security attributes that the HPLMN is capable of providing. The method also includes offering the consistent and unified S-SLA to each enterprise that submitted the S-SLA request. The method further includes transforming each S-SLA request from the enterprises into security policies and controls to be enforced within the HPLMN.

Abstract: A method implemented by a security service orchestration function (SSOF) in a communication infrastructure, that includes a plurality of communication service providers (CSPs), for orchestration of a security service level agreement (S-SLA) includes receiving a S-SLA request, by a CSP, from one or more other CSPs. Each S-SLA request includes a plurality of requirements. The method also includes converting each S-SLA request into a consistent and unified S-SLA offerable to each other CSP. The consistent and unified S-SLA includes security attributes that the CSP is capable of providing the other CSPs. The method also includes offering the consistent and unified S-SLA to each other CSP that submitted the S-SLA request. The method further includes receiving a response from each other CSP. The response from each other CSP includes an acknowledgement or a decline of the consistent and unified S-SLA including a non-repudiation signature of acknowledgement or declining.

Abstract: A method implemented by a security service orchestration function (SSOF) in a communication infrastructure, that includes a communication service provider (CSP) and a plurality of enterprises, for orchestration of a security service level agreement (S-SLA). The method includes receiving a S-SLA request from one or more of the enterprises. Each S-SLA request includes a plurality of requirements. The method also includes converting each S-SLA request into a unique S-SLA corresponding to the plurality of requirements in the S-SLA request from an associated enterprise. Each unique S-SLA includes security attributes that the CSP is capable of providing. The method additionally includes offering the unique S-SLA to the associated enterprise for each enterprise that submitted the S-SLA request. The method further includes receiving a response from each enterprise.

Abstract: There is provided mechanisms for generating a security configuration profile for a network entity. A method is performed by a security configuration entity. The method comprises generating the security configuration profile for the network entity based on network entity information, deployment information, and feedback information for a previously generated security configuration profile. The method comprises determining, based on calculating a risk score for the generated security configuration profile, whether the security configuration profile is to be provided towards the network entity or not. The method comprises generating feedback information for the security configuration profile based on the risk score, the network entity information, and the deployment information.

Abstract: A Security automation system (100; 400; 500) configured for security management of an Information Technology (IT) system (200), the security automation system using machine learning (ML). The system comprises a Threat engine (110), a Risk engine (120), a Policy engine (130) and a Security Adaptation engine (140). The Threat engine (110) comprises a threat catalog and detection rules for identifying threat events, wherein the detection rules are automatically adjusted and modified based on information collected from the managed IT system.