Security Information Management Resource Weblog

Part of the Security Information Management Resource Guide




Log Management SIMetry: A Step by Step Guide to Selecting the Correct Solution

An extremely useful research paper to help SIM buyers make well-informed decisions on SIM solution selection. Highly recommended. From the Resource:

“The ultimate goal of this paper is simple: help you choose the correct SIM solution for your organization. This paper is not meant to be a comparison of specific offerings of one company or another, but rather a guide to help you through the selection process. Generally, this paper should be helpful to all sized organizations, but is specifically targeted towards small to medium organizations which may not have the resources of their larger counterparts.”

Link to Resource: Log Management SIMetry: A Step by Step Guide to Selecting the Correct Solution [PDF]

Source: Jim Beechey

SIM Resource Guide Section: Security Information Management Purchasing Best Practices


Security Information Management Explored: The SIEM Architecture

A detailed look at the evolution of SIM/SEM solutions into SIEM solutions. Includes detailed examples and a suggested architecture that “separates the data collection, management, and integration from the actual (security information) analysis.”

Link to Resource: The SIEM Architecture [PDF]

Source: Jon Oltsik, Senior Analyst, Enterprise Strategy Group

SIM Resource Guide Section: Security Information Management Explored


Vulnerability Assessment becomes Incident Handling in Kentucky's Transportation Cabinet

A detailed look at the Commonwealth of Kentucky’s security self-assessment program.

From the Resource:

“The first vulnerability assessment performed by Kentucky’s Auditor of Public Accounts tested the security of the Commonwealth’s accounting and reporting system in June 2000. Within minutes, auditors were able to gain administrator control over 14 of 17 system servers. Thus began three years of random, surprise vulnerability tests in 16 state government cabinets and agencies.”

Link to Resource: Vulnerability Assessment becomes Incident Handling in Kentucky’s Transportation Cabinet

Source: Into IT

SIM Resource Guide Section: Security Information Management User Implementations and Success Stories


Security Information Management Quotes by Analysts: The Case for Data Leakage Prevention Solutions

“Using log files as an exclusive data source for anticipating, detecting and reacting to data breaches is a bit like reading random pages of War and Peace: it is hard to understand the story when the data is indiscriminate in nature and lacks context.”

Link to Resource: The Case for Data Leakage Prevention Solutions

Source: Jon Oltsik, Senior Analyst, Enterprise Strategy Group

SIM Resource Guide Section: Security Information Management Quotes by Analysts


The Impact of IT Security Attitudes

An intriguing look at the adoption and perceived value of Security Information Management. More than 1,000 organizations were surveyed on their information security practices and beliefs. Figure 10 on PDF page 7 shows the adoption rates of SEM by leaders and laggards in the study.

Link to Resource: The Impact of IT Security Attitudes

Source: The Register

SIM Resource Guide Section: Security Information Management User Readiness and Adoption


SIM & The Precarious State of Security in Asia

“…the only way to demonstrate risk reduction and security performance is to have an effective Security Information and Event Management (SIEM) program.”

Link to Resource: The Precarious State of Security in Asia

Source: Andrew Walls, Gartner

SIM Resource Guide Section: Security Information Management Quotes by Analysts


The Path to Continuous Compliance Management

As part of a valuable look at SIEM’s role in compliance, the author shares the following:

“Though not initially developed as compliance solutions, most SIEM tools are moving in the compliance management direction. Right now, it appears that the SIEM tool is well-positioned, since it is focused on the security health of all the key components of the IT organization: all components that affect compliance.”

Link to Resource: The Path to Continuous Compliance Management

Source: Ted Ritter, Nemertes Research

SIM Resource Guide Section: Security Information Management Quotes by Analysts


Security Information Management: Not Just the Next Big Thing

A classic look at the basics of SIM, including a comparison of real-time vs. forensic SIM. From the Resource:

“Forensic-focused SIM: Expert Data Mining, Pure Log Storage, ‘Low and Slow’ Detection, Postevent Analysis, Long-term Coverage, Limited Automation, Limited Correlation.”
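
The real-time versus forensic split above, as an added example that is not from the ISACA article or any SIM product: a small Python script feeds the same constructed sshd log lines to a real-time threshold rule (sliding window, as an event-focused SIM would run in memory) and to a forensic ‘low and slow’ query over the whole retained archive. The noisy brute force trips the real-time rule; the attacker who tries one password a day never does, and is only visible when long-term storage is mined. Log lines, IP addresses, user names and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style line format (not a real log extract):
# 2024-03-01T09:00:00 sshd[101]: Failed password for root from 10.0.0.5
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Parse one line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def realtime_bruteforce_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Real-time rule: alert once per source when it accumulates `threshold`
    failures inside a sliding `window`. Only the window is kept in memory,
    so anything slower than the window is invisible to this rule."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in events:  # assumed time-ordered, as a live stream would be
        if ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append((ev["src"], ev["ts"]))
    return alerts


def forensic_low_and_slow(events, min_days=14, daily_max=2):
    """Forensic query over the retained archive: sources that failed on at
    least `min_days` distinct days while never exceeding `daily_max` failures
    on any single day, i.e. activity shaped to stay under a real-time threshold."""
    per_day = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["result"] == "Failed":
            per_day[ev["src"]][ev["ts"].date()] += 1
    hits = [(src, len(days)) for src, days in per_day.items()
            if len(days) >= min_days and max(days.values()) <= daily_max]
    return sorted(hits)


def build_sample_logs():
    """Constructed sample archive covering 20 days: one noisy brute force,
    one low-and-slow guesser, one legitimate login."""
    lines = []
    base = datetime(2024, 3, 1, 9, 0, 0)
    for i in range(6):  # six failures in five minutes from 10.0.0.5
        ts = base + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()} sshd[101]: Failed password for root from 10.0.0.5")
    for d in range(20):  # one failure per night for 20 nights from 10.0.0.9
        ts = datetime(2024, 3, 1, 3, 17, 0) + timedelta(days=d)
        lines.append(f"{ts.isoformat()} sshd[{200 + d}]: Failed password for admin from 10.0.0.9")
    lines.append(f"{datetime(2024, 3, 2, 8, 0, 0).isoformat()} sshd[300]: Accepted password for alice from 10.0.0.7")
    lines.sort()  # ISO timestamps lead each line, so string order is time order
    return lines


def analyze(lines):
    """Run both detection styles over the same parsed archive."""
    events = [e for e in map(parse, lines) if e]
    return {"realtime": realtime_bruteforce_alerts(events),
            "forensic": forensic_low_and_slow(events)}


if __name__ == "__main__":
    result = analyze(build_sample_logs())
    print("real-time alerts:", result["realtime"])   # only 10.0.0.5
    print("forensic hits:   ", result["forensic"])   # only 10.0.0.9
```

The two functions are deliberately asymmetric: the real-time rule is cheap and fires within minutes but forgets everything older than its window, while the forensic query needs the full archive and cannot fire until enough days have accumulated. That trade-off is the practical content of the article's “Long-term Coverage, Limited Automation” line.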

Link to Resource: Security Information Management: Not Just the Next Big Thing

Source: Nicole Pauls, Information Systems Audit and Control Association

SIM Resource Guide Section: Security Information Management – What is it?


SIM Case Study: Security Information Management for USAF Enclave Networks

An interesting look at the US Air Force’s SIM deployment, including the Air Force’s specific SIM challenges, the implementation architecture and its impact.

Link to Resource: Security Information Management for Enclave Networks

Source: Rosalie McQuaid, Mitre Networks

SIM Resource Guide Section: Security Information Management User Implementations and Success Stories


Tough Security Questions for SaaS Providers

“The last few years we have seen a rise of log management and SIEM solutions aimed at compliance-aware organizations. … With software in the cloud, network, system and application logs are no longer easily accessible by IT organizations. They either have to negotiate access to these logs during contract time, or they have to find new ways of monitoring user activities. Given that the IT organizations don’t ‘own’ the software, it makes it even more difficult to ‘hack’ around the system. Without access logs, IT organizations may not be able to answer simple questions from auditors, such as ‘who has accessed the financial information in the past quarter?’”

Link to Resource: Tough Security Questions for SaaS Providers

Source: Cloud Feed

SIM Resource Guide Section: Security Information Management Best Practices


Visit the Security Information Management Resource Guide
Download the Security Information Management Expert Guides