What is involved in SIEM
Find out what the related areas are that SIEM connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in the sense that it is not per se designed to give answers, but to engage the reader and lay out a SIEM thinking-frame.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Start the Checklist
Below you will find a quick checklist designed to help you think about which SIEM related domains to cover and 137 essential critical questions to check off in that domain.
The following domains are covered:
SIEM, Security information and event management, Analytics, Anti-virus, Apache Hadoop, Big data, Chaos Communication Congress, Computer data storage, Computer security, Computer virus, Cyberwarfare, Data retention, Directory services, IT risk, Log management, Regulatory compliance, Security event manager, Security information management, Threat, Vulnerability, Zero-day:
SIEM Critical Criteria:
Explore SIEM strategies and correct SIEM management by competencies.
– Do we aggressively reward and promote the people who have the biggest impact on creating excellent SIEM services/products?
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to SIEM?
Security information and event management Critical Criteria:
Grasp Security information and event management goals and suggest using storytelling to create more compelling Security information and event management projects.
– What management system can we use to leverage the SIEM experience, ideas, and concerns of the people closest to the work to be done?
– How can you measure SIEM in a systematic way?
Analytics Critical Criteria:
Co-operate on Analytics tasks and probe Analytics strategic alliances.
– Does the company have a standard definition of Employee that includes full-time, part-time, contract, on leave, hired, retired, etc.?
– How will HR work with managers to gain an understanding of why a metric is moving as it is?
– What specific aspects of our culture are impeding us in providing better Customer Service?
– Did a newly introduced employee benefit have a positive effect on employee engagement?
– Is our employee rewards/recognition program more successful for certain functions?
– Do HR systems educate leaders about the quality of their human capital decisions?
– Social Data Analytics: Are you integrating social into your business intelligence?
– What interventions would be most effective in reducing high levels of turnover?
– What is the difference between business intelligence and business analytics?
– What are the characteristics of managers with the highest employee loyalty?
– What is the difference between data analytics and business analytics, if any?
– Who owns the specific data/metrics that senior leaders are focused on?
– Does your organization have a strategy on big data or data analytics?
– How can we promote retention of high performing employees?
– But what if one department was extremely high performing?
– Are we doing enough to encourage informal learning?
– What does the pyramid of information look like?
– What are the best social crm analytics tools?
– Isn't big data just another way of saying analytics?
Anti-virus Critical Criteria:
Deliberate on Anti-virus engagements and act on them.
– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?
– Is anti-virus software installed on all computers/servers that connect to your network?
– What knowledge, skills and characteristics mark a good SIEM project manager?
– Is the anti-virus software package updated regularly?
– What are the Essentials of Internal SIEM Management?
Apache Hadoop Critical Criteria:
Scan Apache Hadoop outcomes and optimize Apache Hadoop leadership as a key to advancement.
– Does SIEM analysis show the relationships among important SIEM factors?
– Are assumptions made in SIEM stated explicitly?
– Does SIEM appropriately measure and monitor risk?
Big data Critical Criteria:
Accumulate Big data failures and probe the present value of growth of Big data.
– What are the particular research needs of your organization on big data analytics that you find essential to adequately handle your data assets?
– If this nomination is completed on behalf of the customer, has that customer been made aware of this nomination in advance of this submission?
– Where's the evidence that using big data intelligently will improve business performance?
– How to identify relevant fragments of data easily from a multitude of data sources?
– How can the best Big Data solution be chosen based on use case requirements?
– How close to the edge can we push the filtering and compression algorithms?
– What analytical tools do you consider particularly important?
– How fast can we affect the environment based on what we see?
– Big Data: what is different from large databases?
– Is the need persistent enough to justify development costs?
– Can we really afford to store and process all that data?
– What are our tools for big data analytics?
– What is different about Big Data?
– What is Advanced Analytics?
– Are we Using Data To Win?
– What is Big Data to us?
– What are we missing?
Chaos Communication Congress Critical Criteria:
Reorganize Chaos Communication Congress goals and observe effective Chaos Communication Congress.
– How do you determine the key elements that affect SIEM workforce satisfaction? How are these elements determined for different workforce groups and segments?
– Is SIEM realistic, or are you setting yourself up for failure?
– What are the short and long-term SIEM goals?
Computer data storage Critical Criteria:
Check Computer data storage quality and look in other fields.
– Who will provide the final approval of SIEM deliverables?
– What are the usability implications of SIEM actions?
Computer security Critical Criteria:
Analyze Computer security decisions and interpret which customers can’t participate in Computer security because they lack skills.
– Does your company provide end-user training to all employees on Cybersecurity, either as part of general staff training or specifically on the topic of computer security and company policy?
– What are your results for key measures or indicators of the accomplishment of your SIEM strategy and action plans, including building and strengthening core competencies?
– Consider your own SIEM project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
– Will the selection of a particular product limit the future choices of other computer security or operational modifications and improvements?
– How would one define SIEM leadership?
Computer virus Critical Criteria:
Focus on Computer virus decisions and find answers.
Cyberwarfare Critical Criteria:
Survey Cyberwarfare strategies and gather practices for scaling Cyberwarfare.
– Think about the functions involved in your SIEM project. What processes flow from these functions?
– How can you negotiate SIEM successfully with a stubborn boss, an irate client, or a deceitful coworker?
– Do we monitor the SIEM decisions made and fine tune them as they evolve?
Data retention Critical Criteria:
Administer Data retention decisions and balance specific methods for improving Data retention results.
– Traditional data protection principles include fair and lawful data processing; data collection for specified, explicit, and legitimate purposes; accurate and kept up-to-date data; data retention for no longer than necessary. Are additional principles and requirements necessary for IoT applications?
– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about SIEM. How do we gain traction?
– Who needs to know about SIEM?
– What are current SIEM Paradigms?
Directory services Critical Criteria:
Examine Directory services risks and test out new things.
– How can we incorporate support to ensure safe and effective use of SIEM into the services that we provide?
– Is there any existing SIEM governance structure?
– What are specific SIEM Rules to follow?
IT risk Critical Criteria:
Accumulate IT risk tasks and observe effective IT risk.
– What impact has emerging technology (e.g., cloud computing, virtualization and mobile computing) had on your company's ITRM program over the past 12 months?
– Structure/process risk: What is the degree of change the new project will introduce into user areas and business procedures?
– To what extent is your company's approach to ITRM aligned with the ERM strategies and frameworks?
– Risk Categories: What are the main categories of risks that should be addressed on this project?
– In your opinion, how effective is your company at conducting the risk management activities?
– People risk: Are people with appropriate skills available to help complete the project?
– Estimate the change in financial investment for ITRM activities in the next 12 months.
– How does your company report on its information and technology risk assessment?
– Does the IT Risk Management framework align to a three lines of defense model?
– Do you have a defined operating model with dedicated resources for IT risk?
– How good is the enterprise at performing the IT processes defined in CobiT?
– Do the SIEM decisions we make today help people and the planet tomorrow?
– How often are information and technology risk assessments performed?
– To what extent are you involved in ITRM at your company?
– How much system downtime can the organization tolerate?
– What drives the timing of your risk assessments?
– Does your company have a formal ITRM function?
– What is the system-availability requirement?
– Risk communication: what to communicate?
– How will we pay for it?
Log management Critical Criteria:
Pay attention to Log management decisions and separate out the business goals Log management is aiming to achieve.
– What will be the consequences to the business (financial, reputation etc) if SIEM does not go ahead or fails to deliver the objectives?
– Are there SIEM problems defined?
– How can we improve SIEM?
Regulatory compliance Critical Criteria:
Think carefully about Regulatory compliance issues and look at the big picture.
– Does SIEM include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?
– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?
– What is the total cost related to deploying SIEM, including any consulting or professional services?
– Are we making progress, and are we making progress as SIEM leaders?
– What is Regulatory Compliance?
Security event manager Critical Criteria:
Guide Security event manager governance and document what potential Security event manager megatrends could make our business model obsolete.
– Have the types of risks that may impact SIEM been identified and analyzed?
Security information management Critical Criteria:
Interpolate Security information management quality and be persistent.
– Can we add value to the current SIEM decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?
– How can the value of SIEM be defined?
Threat Critical Criteria:
Boost Threat quality and adopt an insight outlook.
– Is there a person at your organization who coordinates responding to threats and recovering from them?
– How can you tell if the actions you plan to take will contain the impact of a potential cyber threat?
– Is there a person at your organization who assesses vulnerabilities, consequences, and threats?
– How do we decide which activities to take action on regarding a detected Cybersecurity threat?
– Is there a person at our organization who assesses vulnerabilities, consequences, and threats?
– What threats are applicable in the environment in which the system will be operational?
– How do we know that any SIEM analysis is complete and comprehensive?
– How do you assess threats to your system and assets?
– Can we adapt to a changing threat environment?
– What can be done to mitigate threats?
– What are the threats?
Vulnerability Critical Criteria:
Transcribe Vulnerability management and reinforce and communicate particularly sensitive Vulnerability decisions.
– Does your organization perform vulnerability assessment activities as part of the acquisition cycle for products in each of the following areas: Cybersecurity, SCADA, smart grid, internet connectivity, and website hosting?
– What are the key elements of your SIEM performance improvement system, including your evaluation, organizational learning, and innovation processes?
– Is cardholder data deleted or destroyed before it is physically disposed (for example, by shredding papers or degaussing backup media)?
– Are account numbers (in databases, logs, files, backup media, etc.) stored securely, for example by means of encryption or truncation?
– Is a vulnerability scan or penetration test performed on all internet-facing applications and systems before they go into production?
– Is payment card account information stored in a database located on the internal network (not the DMZ) and protected by a firewall?
– Are all changes to the production environment and applications formally authorized, planned, and logged before being implemented?
– Are the firewall, router, wireless access points, and authentication server logs regularly reviewed for unauthorized traffic?
– Are development, testing, and production systems updated with the latest security-related patches released by the vendors?
– Are web servers located on a publicly reachable network segment separated from the internal network by a firewall (DMZ)?
– Are vendor default security settings changed on production systems before taking the system into production?
– Is a firewall used to protect the network and limit traffic to that which is required to conduct business?
– Is all cardholder data printed on paper or received by fax protected against unauthorized access?
– Can the administrator perform an update of the scanner's vulnerability database whenever needed?
– Are all but the last four digits of the account number masked when displaying cardholder data?
– Are group, shared, or generic accounts and passwords prohibited for non-consumer users?
– WEP keys, SSID, passwords, SNMP community strings, disabling SSID broadcasts)?
– Is encryption used in the transmission of account numbers via e-mail?
– How do we compare outside our industry?
– How are we trending over time?
Zero-day Critical Criteria:
Think carefully about Zero-day quality and change contexts.
– How likely is the current SIEM plan to come in on schedule or on budget?
– How do we go about Securing SIEM?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the SIEM Self Assessment.
Author: Gerard Blokdijk
CEO at The Art of Service | theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
SIEM External links:
SIEM & Log Monitoring Software by Snare
Sweeps: Siem Reap 2017 – Landing Page | Travel + Leisure
Security information and event management External links:
A Guide to Security Information and Event Management
Analytics External links:
SHP: Strategic Healthcare Programs | Real-Time Analytics
Google Analytics Solutions – Marketing Analytics & …
Anti-virus External links:
Kaspersky Anti-Virus – Download
Anti-Virus/Anti-Spyware Solutions: Home Use
Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
Apache Hadoop External links:
Apache Hadoop – Official Site
Big data External links:
Presto | Distributed SQL Query Engine for Big Data
Databricks – Making Big Data Simple
Take 5 Media Group – Build an audience using big data
Chaos Communication Congress External links:
34th chaos communication congress • r/34c3 – reddit
Chaos Communication Congress 2003 – Internet Archive
MAKE @ 24C3 – 24th Chaos Communication Congress
Computer data storage External links:
ELSYM5 Manual | Computer Data Storage | Materials
Computer security External links:
[PDF]An Introduction to Computer Security: The NIST …
Computer Security Tools & Downloads – TechNet Security
[PDF]Computer Security Incident Handling Guide
Computer virus External links:
Computer Viruses – AbeBooks
Don’t fall for this computer virus scam! – May. 12, 2017
Free computer viruses Essays and Papers – 123HelpMe
Data retention External links:
Data Retention – AbeBooks
[PDF]Data Retention and Destruction Policy
Directory services External links:
North American Directory Services – Guest Directories
IT risk External links:
Magic Quadrant for IT Risk Management Solutions
IT Risk Management – Gartner
IT Risk Management and Compliance Solutions | Telos
Log management External links:
Log Management And Analytics | vRealize Log Insight | VMware
Home | High Performance Log Management Solutions
Data Operations, Log Management & Analytics | Logtrust
Regulatory compliance External links:
Chemical Regulatory Compliance – ChemADVISOR, Inc.
Certified Regulatory Compliance Manager (CRCM)
Regulatory Compliance Training, GRC Advisory, …
Security event manager External links:
GE Digital Energy : CyberSentry SEM Security Event Manager
Al Chavez – Security Event Manager and Personal …
LogLogic Security Event Manager | Tibco LogLogic
Security information management External links:
[PDF]Security Information Management System – …
SIMS Software – Security Information Management …
Threat External links:
Zimperium: Mobile Threat Defense
Deception-Based Threat Detection – Attivo Networks
Threat Intelligence Platform | Anomali
Vulnerability External links:
ATSDR – The Social Vulnerability Index (SVI) – Home Page
WPA2 Security (KRACKs) Vulnerability Statement – TP-Link
BitLocker mitigation plan for vulnerability in TPM
Zero-day External links:
Recent Zero-Day Exploits | FireEye
ZERODIUM – Tor Browser Zero-Day Exploit Bounty 2017 …