Audit of outsourced SIEM service Provider
Just wondering if anyone has every audited an outsourced SIEM service provider and are willing to share experience and audit program. Will soon be auditing Dell's SecureWorks which is the outsourced SIEM service provider. SecureWorks receives Events of Interest logs and alerts our security officer of potential incidents for follow up.
Some questions I have are:
1. How do I see the set up of Events of Interest?
2. Dell has agents set up on servers. How can I verify they are safe?
3. How do I verify transmission of log data is via VPN, encrypted or otherwise secured to prevent viewing while in transmission?
4. Any best practices?
Of course I will be looking at the contract, SLAs, and incident handling
You must sign in to rate content.
You must login to leave a comment.