Security information and event management tips

As organizations continue to collect, process and store larger amounts of data from an increasing number of sources, costs related to system and staff resources are soaring.

In a new free white paper, ISACA outlines the risks and benefits of SIEM technology, which helps organizations address the issue of data overload.

SIEM technology helps organizations answer two questions:

  • Which alerts and logged security events (among the thousands happening on the network each day) require attention?
  • How can we extract meaningful and actionable information from the log data collected from the soaring number of devices on our enterprise infrastructure?

According to the ISACA white paper, business benefits of a properly implemented SIEM program are:

  • Greater value from investment in security technology
  • Reduced capital and operational costs
  • Reduced risk of noncompliance
  • Broader organizational support for information security
  • Increased efficiency of the security team.

While SIEM is primarily a passive system, there are key operational risks related to the procurement, deployment and ongoing management of a SIEM solution. The ISACA white paper outlines nine potential risk scenarios, including:

  • Mismatch of SIEM product/platform/deployment model with log data volume, leading to poor system performance
  • Ineffective/incomplete processes to respond to events, leading to ignoring or mishandling alerts or other events
  • Outsourcing of SIEM to a third party, leading to exposure of sensitive enterprise data
  • Insufficient resource allocation to manage SIEM solution, leading to missed, misinterpreted or delayed reaction to alerts and events.

A free copy of the white paper is available in PDF format here.
