
The Benefits of Effective SIEM Policy Development


ISACA-Logo

There is an imbalance between the technical issues and the process aspects of security information and event management (SIEM). This gap is the root cause of much of the skepticism about, and disappointment with, SIEM.

Be aware that before implementing SIEM, it is necessary to establish the basis of the information security management system (ISMS), which includes securing global management commitment, building an asset inventory with categorization, and performing a risk assessment.

The SIEM process consists of the following five-step cycle:

  • SIEM policy establishment
  • SIEM infrastructure provision
  • Event treatment
  • Checking
  • Correction

This SIEM approach is based on the plan-do-check-act (PDCA) cycle. Consider the first step, “SIEM Policy Establishment.” Upper management should demonstrate its commitment to the ISMS, including SIEM, by ensuring that the SIEM policy is established and is compatible with the business direction, context and risk approach. Usually, the chief information security officer (CISO) prepares this internal policy and obtains the approval of all stakeholders. The policy should be mapped to existing internal policies, for example by defining detailed event lists in the standards and baselines for servers and network tools.

The SIEM policy should contain these basic components:

  • Purpose of the policy
  • Scope of the SIEM infrastructure
  • Responsibilities of involved individuals
  • Compliance

SIEM has become the core of an ISMS and of security operations centers (SOCs), but it is unwise to rely on the technical aspects of SIEM alone. The SIEM policy is essential for ensuring effective SIEM within an ISMS. The time spent on SIEM policy development is worthwhile; it will save effort in the later steps of the cycle.

Read Aleksandr Kuznetcov’s recent Journal article:
“Security Information and Event Management Policy,” ISACA Journal, volume 3, 2016.

Aleksandr Kuznetcov, CISM

[ISACA Journal Author Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years’ experience in the ICT/cybersecurity industry in various sectors and positions.
