Term of Award

Spring 2024

Degree Name

Master of Science, Information Technology

Document Type and Release Option

Thesis (restricted to Georgia Southern)

Copyright Statement / License for Reuse

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Department

Department of Information Technology

Committee Chair

Lei Chen

Committee Member 1

Yiming Ji

Committee Member 2

Jongyeop Kim

Abstract

As businesses become more digitalized, the software supply chain (SSC) has grown increasingly vital, yet it's also becoming more vulnerable to cyber threats. This is evident in the recent surge in attacks targeting the SSC. Highlighting the indispensable need for robust SSC security measures, this research emphasizes the importance of securing every facet of the software supply chain to mitigate unauthorized access, data breaches, and the insertion of malicious code. We advocate for the integration of Security Orchestration, Automation, and Response (SOAR) solutions, particularly through low-code or no-code platforms like Robotic Process Automation (RPA) to enhance Security Information and Event Management (SIEM) systems. RPA’s automation capabilities enhance cybersecurity efficiency by streamlining routine security tasks, thereby enabling Security Operations Center (SOC) analysts to focus on strategic security initiatives. Inspired by the MOVEit Transfer cyberattack incident of 2023, this research underscores the financial and operational impacts of SSC vulnerabilities and presents a model with seven key components. We put two components through rigorous testing and demonstration to showcase their integration potential. Our model not only exhibits the cost-effectiveness and scalability of RPA in bolstering security measures but also emphasizes its role in expediting threat detection and response. This research concludes with a proposed automation checklist for SSC security enhancement, detailing the application of RPA in automating specific security tasks, thereby advocating for a more resilient, efficient, and adaptable security infrastructure in the face of evolving cyber threats.

Research Data and Supplementary Material

No

Available for download on Friday, April 18, 2025

Share

COinS