“1) Establish a cross-department steering committee first, to ensure all parties are onside. 2) Build a security baseline: assess activities & risks, prioritise them, and how you’ll remediate. 3) Simplify the network before installing large management systems to shorten implementation time, reduce event numbers and raise input quality for SIEM. 4) Boost signal to noise ratios for reduced hardware load and fewer events. 5) Phase the roll-out. 6) People and procedures are vital for successful deployment.”

Resource: Perfect SIEM Preparation: The Crib Sheet

Source: Jason Holloway, Help Net Security

SIM Resource Guide Section: Security Information Management Best Practices