Information Security Management

zrinjevac3 

SIEM (Security Information and Event Management) is among the most complex components of an information security programme. Implementing a SIEM requires deep insight into both the technical and the organizational configuration of the IT system.

A SIEM system, in managing security information and events:

  • provides centralized access to security and compliance information across the company,
  • detects security threats and compliance violations in real time and supports their resolution,
  • shows system status in real time alongside historical reports,
  • tracks the interdependence of events (correlation) and so detects problems and threats.


PDCA Model

Establishing a SIEM requires deep insight into the technical and organizational settings of the system, and the PDCA model (Plan, Do, Check, Act) covers the planning, implementation, evaluation and improvement of the SIEM. Establishing a SIEM is a dynamic process that depends on the given parameters (SLAs, legislation, standards, specific user requirements, etc.).

The PDCA cycle makes clear that risk assessment is crucial for examining the effectiveness of the SIEM; over time the SIEM should itself become the benchmark for checking the performance of security solutions.


Working processes

Establishing a unified security system requires a clear definition of the work processes and of how they are monitored. Work processes are essential parts of the business and should be treated as the organization's greatest asset.

Managing business processes and their security includes:

  • priority parameters,
  • risk assessment,
  • definition of what constitutes an incident in the business process,
  • definition of how incidents are handled,
  • definition of statements (reports).


To increase the efficiency and effectiveness of the project, key performance indicators (KPIs) are introduced: the effectiveness and efficiency of each process are described by its KPIs.

Analysis of business process performance is the basis for adopting preventive and corrective action guidelines, which support the further improvement of the business processes.


SIEM System

The SIEM described in the introduction (centralized security and compliance information, real-time detection, live and historical reporting, event correlation) is built from the components below.

SIEM System Components


A SIEM system consists of:

  • a data collection subsystem that gathers events from the security devices
  • a correlation subsystem
  • a control (management) subsystem
  • an active reporting subsystem
  • an incident detection and resolution subsystem
  • data storage subsystems
  • communication subsystems (message bus)

Connected Systems

For a complete picture of the business processes, an information security management system needs to unify the control systems for:

  • system event management,
  • identity and access management,
  • security information and event management.

The consolidation of the systems listed above is established in the second phase of implementation.


Integration with individual control system

The SIEM gathers information, correlates it, handles incidents in real time and prepares reports for the following types of security subsystems and devices:

  • Firewall subsystem
  • Intrusion prevention subsystem
  • Intrusion detection subsystem
  • Switching subsystem
  • Routing subsystem
  • Incident handling subsystem
  • Authentication subsystem
  • Security policy monitoring subsystem
  • Patch management subsystem
  • Antivirus subsystem
  • Vulnerability assessment subsystem
  • VPN subsystem
  • Operating systems
  • ERP systems
  • Web subsystems
  • Directory systems
  • Mainframe systems
  • Databases, etc.
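The following Python script is an added example, not code from the original page or from any SIEM product. It wires together the components listed under "SIEM System Components" (collection, message bus, data store, correlation, incident detection, reporting) and shows the cross-source integration described above: events from a firewall and an authentication subsystem are normalized into one schema and correlated by a sliding-window rule (several failed logins from one source IP followed by a success from the same IP, enriched with whether the firewall had allowed that IP). The log line formats and the sample lines are constructed for this example and are not the syntax of any real device; a production SIEM would persist events outside memory and carry many more rules.

```python
"""Toy SIEM pipeline: collect -> normalize -> bus -> store -> correlate -> report.
Added example; the log formats below are hypothetical and the lines are constructed:
  firewall: '<ts> FW action=<ALLOW|DENY> src=<ip> dst=<ip> dport=<port>'
  auth:     '<ts> AUTH <Failed|Accepted> password for <user> from <ip>'"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

RAW_LOGS = [  # constructed sample feed, interleaved as a collector would receive it
    "2024-03-01T10:00:01 FW action=ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:02 AUTH Failed password for root from 203.0.113.7",
    "2024-03-01T10:00:05 AUTH Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:09 AUTH Failed password for root from 203.0.113.7",
    "2024-03-01T10:00:12 AUTH Failed password for oracle from 203.0.113.7",
    "2024-03-01T10:00:20 AUTH Accepted password for backup from 203.0.113.7",
    "2024-03-01T10:01:00 FW action=DENY src=198.51.100.9 dst=10.0.0.5 dport=3389",
    "2024-03-01T10:02:00 AUTH Failed password for alice from 192.0.2.10",
    "2024-03-01T10:02:30 AUTH Accepted password for alice from 192.0.2.10",
]

@dataclass
class Event:
    ts: datetime
    source: str   # producing subsystem: "firewall" or "auth"
    kind: str     # normalized type: fw_allow, fw_deny, auth_failure, auth_success
    src_ip: str
    detail: str   # dst:port for firewall events, user name for auth events

FW_RE = re.compile(r"^(\S+) FW action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) AUTH (Failed|Accepted) password for (\S+) from (\S+)$")

def normalize(line: str):
    """Collection subsystem: map a raw line into the common schema; unknown lines -> None."""
    if m := FW_RE.match(line):
        ts, action, src, dst, port = m.groups()
        return Event(datetime.fromisoformat(ts), "firewall", f"fw_{action.lower()}", src, f"{dst}:{port}")
    if m := AUTH_RE.match(line):
        ts, result, user, src = m.groups()
        kind = "auth_failure" if result == "Failed" else "auth_success"
        return Event(datetime.fromisoformat(ts), "auth", kind, src, user)
    return None

class Siem:
    """Bus + store + correlation. Rule: >= threshold auth failures from one IP inside
    `window`, then a success from the same IP, raises a brute-force incident."""
    def __init__(self, threshold: int = 3, window: timedelta = timedelta(seconds=60)):
        self.threshold, self.window = threshold, window
        self.bus = deque()                      # communication subsystem (message bus)
        self.store = []                         # data store subsystem
        self.failures = defaultdict(deque)      # per-IP timestamps of recent failures
        self.incidents = []

    def ingest(self, line: str) -> None:
        ev = normalize(line)
        if ev is not None:
            self.bus.append(ev)

    def process(self) -> list:
        """Drain the bus, persist every event and run correlation on each one."""
        while self.bus:
            ev = self.bus.popleft()
            self.store.append(ev)
            self._correlate(ev)
        return self.incidents

    def _correlate(self, ev: Event) -> None:
        q = self.failures[ev.src_ip]
        while q and ev.ts - q[0] > self.window:   # expire failures outside the window
            q.popleft()
        if ev.kind == "auth_failure":
            q.append(ev.ts)
        elif ev.kind == "auth_success" and len(q) >= self.threshold:
            # Cross-subsystem enrichment: did the firewall allow this IP earlier?
            fw_allowed = any(e.source == "firewall" and e.kind == "fw_allow"
                             and e.src_ip == ev.src_ip for e in self.store)
            self.incidents.append({"rule": "brute_force_then_success", "src_ip": ev.src_ip,
                                   "user": ev.detail, "failures": len(q), "first_seen": q[0],
                                   "detected_at": ev.ts, "firewall_allowed": fw_allowed})
            q.clear()

def kpis(siem: Siem) -> dict:
    """Reporting subsystem: metrics a PDCA 'Check' phase would track."""
    ttd = [(i["detected_at"] - i["first_seen"]).total_seconds() for i in siem.incidents]
    return {"events_stored": len(siem.store), "incidents": len(siem.incidents),
            "mean_time_to_detect_s": sum(ttd) / len(ttd) if ttd else 0.0,
            "events_by_source": {s: sum(1 for e in siem.store if e.source == s)
                                 for s in ("firewall", "auth")}}

def run(lines=RAW_LOGS):
    siem = Siem()
    for line in lines:
        siem.ingest(line)
    return siem.process(), kpis(siem)

if __name__ == "__main__":
    incidents, metrics = run()
    for i in incidents:
        print(f"[{i['rule']}] {i['src_ip']} -> user {i['user']} after {i['failures']} failures;"
              f" firewall allowed={i['firewall_allowed']}")
    print(metrics)
```

On the sample feed the rule fires once: 203.0.113.7 fails four times within 18 seconds and then succeeds as "backup", with the earlier firewall ALLOW attached as context; 192.0.2.10 has a single failure and stays below the threshold. The mean time to detect reported by `kpis` (18 s here) is the kind of number the "Working processes" section asks to track as a KPI, and it is only measurable because every event carries a normalized timestamp and source.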


Conclusion

'Manual' data collection and its comparison against the established rules and security policies is very time-consuming, and the result frequently shows a discrepancy between the overall security findings and the requirements prescribed by the policy.
Attempts to control the system manually leave vulnerabilities open in real time and make it impossible to improve compliance with regulations. The overall result is loss of business, fines and penalties, and often loss of reputation.
With a SIEM in place, security metrics and key performance indicators for the critical IT infrastructure can be established.