Sunday, August 26, 2012

SIEM and Security Model


4. When implementing SIEM, one should have a clear understanding of the information security model.
But what is an information security model?
A security model covers how security is to be implemented or maintained.
It is a document which states everything about the requirements to implement, maintain and support all the information security policies.
As an example, let us assume that an internet use policy states that only company employees who require the internet for business can have internet access, and only to those websites for which the user has a business justification.
Now, our information security model will have a related table that describes who can have access to the internet and to which websites. (Required to enforce the internet use policy, right?)
Now you may also have got the idea why I said “When implementing SIEM, one should have a clear understanding of the information security model.”
SIEM itself performs near-real-time security monitoring, and hence it will hold information about this model in the form of various configurations.
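
As an added illustration (not part of the original post), the sketch below expresses the internet access table from the security model as data and evaluates it against web proxy events the way a SIEM correlation rule would. The user names, domains, log format and function names are constructed assumptions.

```python
# Security model table (constructed): user -> websites with an approved
# business justification. This is the "related table" behind the policy.
INTERNET_ACCESS = {
    "alice": {"vendor-portal.example", "bank.example"},
    "bob": {"vendor-portal.example"},
}

# Constructed proxy log lines in an assumed format: timestamp user action host
SAMPLE_PROXY_LOG = """\
2012-08-26T09:01:12Z alice ALLOW vendor-portal.example
2012-08-26T09:03:40Z bob ALLOW bank.example
2012-08-26T09:05:02Z carol ALLOW news.example
2012-08-26T09:06:15Z bob DENY social.example
malformed line
"""

def parse_line(line):
    """Return a normalized event dict, or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 4 or parts[2] not in ("ALLOW", "DENY"):
        return None
    ts, user, action, host = parts
    # Normalize case and a trailing dot so lookups match the table.
    return {"ts": ts, "user": user.lower(), "action": action,
            "host": host.lower().rstrip(".")}

def evaluate(log_text, table=INTERNET_ACCESS):
    """Return (reason, user, host) alerts for traffic the model does not permit."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            # Events the SIEM cannot parse are a monitoring gap; surface them.
            alerts.append(("unparsed_event", "", line.strip()))
            continue
        if event["action"] != "ALLOW":
            continue  # the proxy already blocked this request
        allowed = table.get(event["user"])
        if allowed is None:
            alerts.append(("user_not_authorized", event["user"], event["host"]))
        elif event["host"] not in allowed:
            alerts.append(("site_not_justified", event["user"], event["host"]))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_PROXY_LOG):
        print(alert)
```

If the table in the security model is incomplete or out of date, the rule either floods analysts with false alerts or misses real policy violations, which is why the model has to be understood before the SIEM is configured.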