Download (Registration Required, 361K)
Provide feedback on this document
Visit the Incident Management Knowledge Center community
Visit the Information Security Knowledge Center community
Visit the Security Trends Knowledge Center community
View News Release
In today’s information-driven business environment, enterprise systems and processes capture an ever-increasing amount of data. To derive meaningful and actionable information from this data, businesses are compelled to commit significant resources to perform the necessary analysis. While all business areas are impacted to varying degrees, few face a greater challenge than the information security department. To support its mission to protect critical information assets, the information security department must maintain an ongoing process to capture, analyze and subsequently act on log and alert information collected from a wide array of systems across the enterprise. Typically, these data must be analyzed and actionable information extracted and acted on in near real time, placing even greater demands on departmental resources. Security information and event management (SIEM) is an emerging technology solution that has been developed with the goal of introducing greater intelligence and automation into the collection, correlation and analysis of log and alert data, which, in turn, should allow security analysts to focus on what is most important. This white paper provides an overview of SIEM technology, explores the benefits and risks associated with an enterprise’s use of SIEM, and discusses key governance and assurance considerations when deploying an SIEM solution.
Additional resources related to Security Information and Event Management: Business Benefits and Security, Governance and Assurance Perspective: