Security Information Management Resource Guide

Security Information Management Purchasing Best Practices: Security Information Management: Not Just the Next Big Thing

simbuyer — Fri, 04 Jun 2010 16:44:04 +0000

“When shopping for SIM vendors: 1) Learn about the organization, not just the product and its price tag (though SIM products do have a large price variance). 2) Read the customer testimonials to understand what kind of problems customers were able to solve. 3) Make sure the critical assets, such as servers and firewalls, can be covered, but leave room for some flexibility. 4) See a product demonstration, preferably a live system where the flow of data can be seen. 5) Ask questions of the sales team that they may not be able to answer. The purchaser has to live with this product, and he/she needs to be confident that the vendor as a whole is doing what is in his/her best interest and the product is going to address the organization’s needs. 6) Get a feel for how the product is deployed and what the responsibilities are going to be during deployment. It is pretty safe to assume that the SIM vendors have deployed more SIM solutions than the buyer, so they should be able to answer any questions about how they will deploy in the organization’s environment.”

Resource: Security Information Management: Not Just the Next Big Thing

Source: Nicole Pauls, Information Systems Audit and Control Association

SIM Resource Guide Section: Security Information Management Purchasing Best Practices

Security Information Management Best Practices: SIM Lessons Learned Along the Way

simbuyer — Tue, 01 Jun 2010 13:18:41 +0000

Top 5 SIM Mistakes and Misconceptions:

1) Expecting installation of Security Information Management (SIM) software to solve a problem.

2) No definition of the problem to solve with SIM implementation.

3) Failure to define usage (use cases) before work begins.

4) Failure to understand the data available.]

5) Failure to make SIM relevant to business.

Resource: Lessons Learned Along the Way

Source: Tom Chmielarski, Motorola

SIM Resource Guide Section: Security Information Management Best Practices

Security Information Management Best Practices: Perfect SIEM Preparation: The Crib Sheet

simbuyer — Thu, 27 May 2010 15:18:46 +0000

“1) Establish a cross-department steering committee first, to ensure all parties are onside. 2) Build a security baseline: assess activities & risks, prioritise them, and how you’ll remediate. 3) Simplify the network before installing large management systems to shorten implementation time, reduce event numbers and raise input quality for SIEM. 4) Boost signal to noise ratios for reduced hardware load and fewer events. 5) Phase the roll-out. 6) People and procedures are vital for successful deployment.”

Resource: Perfect SIEM Preparation: The Crib Sheet

Source: Jason Holloway, Help Net Security

SIM Resource Guide Section: Security Information Management Best Practices

Cyber Command and Control-Cyber War Foglifter

ajindy — Fri, 21 May 2010 15:34:30 +0000

Deloitte presents an impressive “Cyber War Foglifter” diagram detailing the components of modern IT security threats and defenses. SIEM is shown as a key part of the IT security process (see step six in the diagram).

Link to Resource: Cyber Command and Control – Cyber War Foglifter

Source: Deloitte

SIM Resource Guide Section: Security Information Management Explored

Enterprise Security Tactical Plan – State of Minnesota

ajindy — Sun, 28 Mar 2010 16:45:41 +0000

A insightful, real-life document that describes the State of Minnesota’s two-year enterprise security tactical plan. The document prioritizes the tactical initiatives for the management, control, and protection of information assets and highlights SIEM as a key component of the plan, which has the following strategic principles:
- Improved situational awareness, which includes continuous system monitoring and assessment of controls;
- Proactive risk management, such as solidly articulated requirements and ongoing security training; and
- Robust crisis and security incident management, which allows critical services to continue uninterrupted in a crisis.

Link to Resource: Enterprise Security Tactical Plan PDF

Source: State of Minnesota

SIM Resource Guide Section: Security Information Management User Implementations and Success Stories

The Gartner 2010 CyberThreat Landscape

ajindy — Thu, 11 Mar 2010 15:07:33 +0000

A strategic and data-rich look at the current CyberThreat landscape. This original report is filled with examples, data, graphics and guidance and covers:
- Review of new and expected IT security threats
- Cyber threat taxonomy
- CIO strategies
- Cybercrime as a service – definitions, examples, and data
- Global attack sources
- Critical Security processes
The Resource contains the following recommendations:
- Focus on a two-pronged strategy:
1) Get more efficient at dealing with old threats: platforms, vulnerability avoidance, sourcing.
2) Get more effective at dealing with new threats: Web security gateway, security in the cloud, application control, data protection.
- Institutionalize a threat assessment step in all new business IT projects.
- Protect the business first, demonstrate compliance later. Regulations are rarely a long-term friend to security.

Link to Resource: The Gartner 2010 CyberThreat Landscape

Source: Andrew Walls, Gartner

SIM Resource Guide Section: Security Information Management Explored

SIEM Platform Secures University's Open Network

simbuyer — Tue, 02 Feb 2010 15:13:31 +0000

“[Our SIEM implementation] allows us to be a lot more responsive in taking decisive action in remediating some of the problems we’re seeing. Ideally, we’d love to catch 100% of the problems and vulnerabilities that are out there, but that’s not going to happen, based on just sheer magnitude. But it’s putting us in a position to be alerted when suspicious activities or footprints are noted on the network.”

Resource: SIEM Platform Secures University’s Open Network

Source: Morris Reynolds, Director of Information Security and Access Management, Wayne State University

SIM Resource Guide Section: Security Information Management Quotes by Users

Security Information Management User Readiness and Adoption: Demanding More from Log Management Systems

simbuyer — Mon, 11 Jan 2010 12:00:07 +0000

An insightful survey which takes a data-intensive look into what enterprises are doing with log management. Questions include:

- Why does log data matter?
- Why are people collecting log data?
- How are organizations using log data?
- What are companies using for log management?
- What are the pain points with log analysis?

Highly recommended.

Link to Resource: Demanding More from Log Management Systems

Source: Jerry Shenk, SANS

SIM Resource Guide Section: Security Information Management User Readiness and Adoption

Are SIEM and Log Management the Same Thing?

simbuyer — Wed, 30 Dec 2009 15:18:18 +0000

“…we believe there is room for both traditional log management tools and the real-time analysis capabilities provided by SIEM tools, but we suspect that organizations would prefer to go to a single vendor for both. Clearly organizations have to solve the first problem (log management) in order to address the second (analysis and monitoring), but the wise purchaser will know that after the first problem is addressed the second will become immediately apparent. Plan accordingly.”

Resource: Are SIEM and Log Management the Same Thing?

Source: Greg Shipley, CIO Magazine

SIM Resource Guide Section: Security Information Management Purchasing Best Practices

Security Information Event Management Security Development Life Cycle

simbuyer — Mon, 28 Dec 2009 13:00:26 +0000

A comprehensive and usable Resource that presents a Security Development Life Cycle to guide users through pre- and post-deployment considerations for a SIEM installation. Highly recommended. Includes many best practices and specific guidance. Sections include:

Project planning
Systems analysis
Systems design
Implementation
Integration and testing
Acceptance and Deployment
Maintenance

Resource: Security Information/Event Management Security Development Life Cycle

Source: The SANS Institute

SIM Resource Guide Section: Security Information Management Best Practices