Security Information Management (SIM) Success Stories and Case Studies
Examples, insight and guidance from expert users at organizations who have implemented Security Information Management (SIM, including SEM/SIEM). Benefit from these users' SIM-specific lessons learned, mistakes and tips while learning about SIM costs, benefits and technical implementation details. These success stories and case studies are some of the most popular Resources in the SIM Resource Guide.
| Enterprise Security Tactical Plan |
| A insightful, real-life document that describes the State of Minnesota's two-year enterprise security tactical plan. The document prioritizes the tactical initiatives for the management, control, and protection of information assets and highlights SIEM as a key component of the plan, which has the following strategic principles: - Improved situational awareness, which includes continuous system monitoring and assessment of controls; - Proactive risk management, such as solidly articulated requirements and ongoing security training; and - Robust crisis and security incident management, which allows critical services to continue uninterrupted in a crisis. |
| State of Minnesota |
| A Practical Application of SIM/SEM/SIEM Automating Threat Identification |
| A 39-page Resource on the key aspects of SIM implementation, including two case studies. From the Resource: "In this case, using a SIEM allows the company's security team (2 people in an IT staff of 5), to respond to 170 critical and major alerts per day (likely to decrease as the worst offenders are firewalled out, and the worst offenses dealt with), rather than nearly 400,000." |
| David Swift, SANS Institute |
| Career Education Corp. Gets Smart on IT Security |
| An in-depth look at an organization's success implementing SIM. Includes detailed implementation information and quantification of benefits including, "Among the many benefits of CEC's estimated $ 400,000 [SIM] investment are SOX compliance and comprehensive reporting, combined external and internal threat management, improved security-threat response time, and increased ROI on IT resources." |
| Michael Gabriel, Career Education Corporation |
