Tuesday, August 21, 2012

Preparation 1


For a couple of years now, SIEM (Security Information and Event Management) has been a big hit in the information security field.
These products are used for a variety of practical applications, ranging from information security incident analysis, incident management, log management and information technology forensics to automated risk assessment.
Although these products look very useful, they are very complex and expensive, do not directly generate revenue, and do not actively stop any losses to the business.
Hence it is difficult to justify their deployment.
That is why information security professionals find it difficult to build a strong business case for their deployment.
Here are a few points that will help to build an effective business case for SIEM implementation in your environment.
  1. As usual with any information security implementation, understand the business objectives and how information technology supports them.
A SIEM implementation requires considerable time, and it is wise to take this time into account when calculating its value. The time required may range from a few months to even a few years, depending on the size of your IT infrastructure. Normally, this time-frame can be broken down into stages, e.g. planning, installation, configuration, tuning, preliminary reporting, fine-tuning and final reporting.
The first phase, “Planning”, is very important. A 3-dimensional vision is necessary for this phase, and in the case of a large enterprise environment a group of Subject Matter Experts (SMEs) should be consulted.