For the past couple of years, SIEM (Security Information and Event Management) has been a big hit in the information security field.
These products are used for a variety of practical applications, ranging from information security incident analysis and incident management to log management, information technology forensics and automated risk assessment.
Although the products look very useful, they are very complex and expensive, do not directly generate revenue, and do not actively stop any losses to the business.
That is why information security professionals find it difficult to justify their deployment and to build a strong business case for it.
Here are a few points that will help to build an effective business case for SIEM implementation in your environment.
- As usual with any information security implementation, understand the business objectives and how information technology is supporting them.
The first phase, “Planning”, is very important. A 3-dimensional vision is necessary for this phase, and in the case of a large enterprise environment a group of Subject Matter Experts (SMEs) should be consulted.
When I said SMEs (Subject Matter Experts), do not confuse this with the SME for SIEM itself!!
You need to consult SMEs who are experts in a variety of fields, everything that you have in your IT infrastructure - applications, hardware, operating systems, databases, etc.
A thorough study of syslog and SNMP protocols will help you a lot.