ORIGINAL RESEARCH article
Front. Comput. Sci.
Sec. Networks and Communications
This article is part of the Research Topic: Frontiers in Information Technology, Electronics, and Management Innovation
A Capability Driven Automated Cybersecurity Monitoring and Response System
Provisionally accepted
Riga Technical University, Riga, Latvia
Organizations face a variety of cybersecurity threats, and implementing security management solutions is a challenging task. This paper proposes implementing such solutions incrementally, starting with key requirements and adding new modules as necessary. A set of key requirements with a focus on cybersecurity threat monitoring and response automation is identified. The capability driven approach is used to describe these requirements in a structured manner, which enables organizations to identify the security management capabilities they require in alignment with organizational goals. A cybersecurity monitoring and response system is developed on the basis of the capability model. The system uses machine learning models to identify cybersecurity threats, and appropriate response mechanisms are invoked to deal with the threats. It is shown that selecting the right adjustments defined in the capability model significantly affects cybersecurity management efficiency. The use of machine learning models also allows the system to be adapted to handle new cybersecurity threats. The cybersecurity monitoring and response system is compared with state-of-the-art commercial systems and is shown to achieve comparable performance while providing a higher level of flexibility.
Keywords: cybersecurity, adaptive cybersecurity, cybersecurity incident management, capability management, machine learning
Received: 25 Aug 2025; Accepted: 31 Oct 2025.
Copyright: © 2025 Minkevics and Grabis. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
* Correspondence: Vladislavs Minkevics, vladislavs.minkevics@rtu.lv
Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.
