What is involved in SIEM
Find out what the related areas are that SIEM connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a SIEM thinking-frame.
How far is your company on its SIEM journey?
Take this short survey to gauge your organization’s progress toward SIEM leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Start the Checklist
Below you will find a quick checklist designed to help you think about which SIEM related domains to cover and 149 essential critical questions to check off in that domain.
The following domains are covered:
SIEM, Security information and event management, Analytics, Anti-virus, Apache Hadoop, Big data, Chaos Communication Congress, Computer data storage, Computer security, Computer virus, Cyberwarfare, Data retention, Directory services, IT risk, Log management, Regulatory compliance, Security event manager, Security information management, Threat, Vulnerability, Zero-day:
SIEM Critical Criteria:
Recall SIEM management and decide whether SIEM progress is being made.
– What are your key performance measures or indicators and in-process measures for the control and improvement of your SIEM processes?
– What prevents me from making the changes I know will make me a more effective SIEM leader?
– What are the top 3 things at the forefront of our SIEM agendas for the next 3 years?
Security information and event management Critical Criteria:
Use past Security information and event management leadership and get out your magnifying glass.
– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which SIEM models, tools and techniques are necessary?
– Is the SIEM organization completing tasks effectively and efficiently?
– What are internal and external SIEM relations?
Analytics Critical Criteria:
Consult on Analytics failures and report on the economics of relationships managing Analytics and constraints.
– Is there a need in the organization to utilize analytics by internal customers (senior executives to front-line managers)?
– What is it that we do not know that could fundamentally change the environment in which we work?
– Do the drivers of employee engagement differ significantly in different regions of the world?
– What is the biggest value proposition for new BI or analytics functionality at your company?
– Are there certain employees who have the right characteristics to be moved into sales?
– Is pay by itself adequate to effectively attract, motivate, and retain employees?
– Start with your objective(s): What do you want to find out in a strategic sense?
– What interventions would be most effective in reducing high levels of turnover?
– How can we identify those employees best suited to be promoted to manager?
– What is the important thing that human resources management should do?
– How do you decide the likelihood something is going to happen?
– Are there metrics or analytics tools or recording features?
– Why is there so much focus on transparency and direction?
– What was the impact of a certain training intervention?
– Should we even be focusing on employee engagement?
– What is so special about workforce intelligence?
– Does your company use HCMs in a scorecard?
– Is there a plan for search analytics?
– Are we hiring according to plan?
– Can you trust the algorithm?
Anti-virus Critical Criteria:
Study Anti-virus planning and find out what it really means.
– What are your current levels and trends in key measures or indicators of SIEM product and process performance that are important to and directly serve your customers? How do these results compare with the performance of your competitors and other organizations with similar offerings?
– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?
– Is anti-virus software installed on all computers/servers that connect to your network?
– Is the anti-virus software package updated regularly?
– What are the long-term SIEM goals?
Apache Hadoop Critical Criteria:
Tête-à-tête about Apache Hadoop tasks and forecast involvement of future Apache Hadoop projects in development.
– How can we incorporate support to ensure safe and effective use of SIEM into the services that we provide?
– Does SIEM analysis show the relationships among important SIEM factors?
– How is the value delivered by SIEM being measured?
Big data Critical Criteria:
Check Big data goals and achieve a single Big data view and bringing data together.
– Do you see the need to support the development and implementation of technical solutions that are enhancing data protection by design and by default?
– Have we let algorithms and large centralized data centres not only control the remembering but also the meaning and interpretation of the data?
– What are the main obstacles that prevent you from having access to all the datasets that are relevant for your organization?
– In which area(s) do data integration and BI, as part of Fusion Middleware, help our IT infrastructure?
– Does big data threaten the traditional data warehouse business intelligence model stack?
– Which core Oracle Business Intelligence or Big Data Analytics products are used in your solution?
– Do we understand public perception of transportation service delivery at any given time?
– Quality vs. Quantity: What data are required to satisfy the given value proposition?
– Does your organization have the right analytical tools to handle (big) data?
– Is SIEM dependent on the successful delivery of a current project?
– What is the contribution of subsets of the data to the problem solution?
– How much data is really relevant to the problem solution?
– Does your organization buy datasets from other entities?
– What are our tools for big data analytics?
– How to model context in a computational environment?
– How do we measure value of an analytic?
– Wait, DevOps does not apply to Big Data?
– How do I get to there from here?
– What is different about Big Data?
– What can it be used for?
Chaos Communication Congress Critical Criteria:
Use past Chaos Communication Congress management and arbitrate Chaos Communication Congress techniques that enhance teamwork and productivity.
– Does SIEM include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
– What are our best practices for minimizing SIEM project risk, while demonstrating incremental value and quick wins throughout the SIEM project lifecycle?
– Who will be responsible for making the decisions to include or exclude requested changes once SIEM is underway?
Computer data storage Critical Criteria:
Probe Computer data storage visions and integrate design thinking in Computer data storage innovation.
– Think of your SIEM project. What are the main functions?
– What are current SIEM Paradigms?
– How much does SIEM help?
Computer security Critical Criteria:
Tête-à-tête about Computer security quality and secure Computer security creativity.
– Does your company provide end-user training to all employees on Cybersecurity, either as part of general staff training or specifically on the topic of computer security and company policy?
– Consider your own SIEM project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
– Will the selection of a particular product limit the future choices of other computer security or operational modifications and improvements?
– How do mission and objectives affect the SIEM processes of our organization?
– Why are SIEM skills important?
Computer virus Critical Criteria:
X-ray Computer virus failures and probe using an integrated framework to make sure Computer virus is getting what it needs.
– How can you measure SIEM in a systematic way?
Cyberwarfare Critical Criteria:
Survey Cyberwarfare adoptions and research ways we could become the Cyberwarfare company that would put us out of business.
– How will we ensure seamless interoperability of SIEM moving forward?
Data retention Critical Criteria:
Jump start Data retention governance and integrate design thinking in Data retention innovation.
– Traditional data protection principles include fair and lawful data processing; data collection for specified, explicit, and legitimate purposes; accurate and kept up-to-date data; data retention for no longer than necessary. Are additional principles and requirements necessary for IoT applications?
– Do we cover the five essential competencies (Communication, Collaboration, Innovation, Adaptability, and Leadership) that improve an organization's ability to leverage the new SIEM in a volatile global economy?
– Who will be responsible for documenting the SIEM requirements in detail?
– Do we have past SIEM Successes?
Directory services Critical Criteria:
Collaborate on Directory services decisions and look in other fields.
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to SIEM?
– Do we all define SIEM in the same way?
IT risk Critical Criteria:
Boost IT risk tasks and devise IT risk key steps.
– Do you have a good understanding of emerging technologies and business trends that are vital for the management of IT risks in a fast-changing environment?
– Roles and Responsibilities: Who are the individuals responsible for implementing specific tasks and providing deliverables related to risk management?
– By what percentage do you estimate your company's financial investment in ITRM activities will change in the next 12 months?
– Budget and Schedule: What are the estimated costs and schedules for performing risk-related activities?
– What information is generated by, consumed by, processed on, stored in, and retrieved by the system?
– Market risk: Will the new service or product be useful to the organization or marketable to others?
– To what extent is your company's approach to ITRM aligned with the ERM strategies and frameworks?
– What is the effect on the organization's mission if the system or information is not reliable?
– People risk: Are people with appropriate skills available to help complete the project?
– Do you adapt ITRM processes to align with business strategies and new business changes?
– Have you defined IT risk performance metrics that are monitored and reported?
– To what extent are you involved in IT Risk Management at your company?
– What are the requirements for information availability and integrity?
– How much money should be invested in technical security measures?
– Methodology: How will risk management be performed on projects?
– How important is the system to the user organization's mission?
– User Involvement: Do I have the right users?
– How will we pay for it?
– What could go wrong?
Log management Critical Criteria:
Extrapolate Log management leadership and mentor Log management customer orientation.
– Does SIEM systematically track and analyze outcomes for accountability and quality improvement?
– How does the organization define, manage, and improve its SIEM processes?
– How will you know that the SIEM project has been successful?
Regulatory compliance Critical Criteria:
Derive from Regulatory compliance planning and probe the present value of growth of Regulatory compliance.
– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?
– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?
– Will new equipment/products be required to facilitate SIEM delivery for example is new software needed?
– What are the Key enablers to make this SIEM move?
– What is Regulatory Compliance?
Security event manager Critical Criteria:
Study Security event manager adoptions and do something to it.
– Who is the main stakeholder, with ultimate responsibility for driving SIEM forward?
– Can we do SIEM without complex (expensive) analysis?
– What are the Essentials of Internal SIEM Management?
Security information management Critical Criteria:
Recall Security information management issues and catalog what business benefits Security information management goals will deliver if achieved.
– Is there a SIEM Communication plan covering who needs to get what information when?
– Does SIEM analysis isolate the fundamental causes of problems?
– What potential environmental factors impact the SIEM effort?
Threat Critical Criteria:
Start Threat tasks and change contexts.
– Do we maintain our own threat catalogue on the corporate intranet to remind employees of the wide range of issues of concern to Information Security and the business?
– Does the service provider have facilities in place to ensure continuity of service in the face of environmental threats or equipment failures?
– How hard is it for an intruder to steal confidential data from the cloud provider's systems (external threat)?
– How can you tell if the actions you plan to take will contain the impact of a potential cyber threat?
– Does the organization or systems requiring remediation face numerous and/or significant threats?
– What are the record-keeping requirements of SIEM activities?
– Is cloud computing a threat to the real sense of ownership?
– Can we adapt to a changing threat environment?
– How can the threats identified be overcome?
– What can be done to mitigate threats?
– How are our assets threatened?
– What are my security threats?
– What are the threats?
– What threat is SIEM addressing?
Vulnerability Critical Criteria:
Mine Vulnerability results and be persistent.
– Does your organization perform vulnerability assessment activities as part of the acquisition cycle for products in each of the following areas: Cybersecurity, SCADA, smart grid, internet connectivity, and website hosting?
– Are information security policies and other relevant security information disseminated to all system users (including vendors, contractors, and business partners)?
– Has your organization conducted a cyber risk or vulnerability assessment of its information systems, control systems, and other networked systems?
– Are audit logs regularly backed up, secured, and retained for at least three months online and one-year offline for all critical systems?
– Is there a virus scanner installed on all servers and on all workstations, and is the virus scanner regularly updated?
– Are egress and ingress filters installed on all border routers to prevent impersonation with spoofed IP addresses?
– What is the security gap between private cloud computing and client-server computing architectures?
– When an employee leaves the company, are that employee's user accounts and passwords immediately revoked?
– Is all cardholder data printed on paper or received by fax protected against unauthorized access?
– Can the administrator perform an update of the scanner's vulnerability database whenever needed?
– Are all but the last four digits of the account number masked when displaying cardholder data?
– Are all users required to authenticate using, at a minimum, a unique username and password?
– Does the vendor develop and publish new vulnerability database entries in a timely manner?
– Are security incidents reported to the person responsible for security investigation?
– How do senior leaders' actions reflect a commitment to the organization's SIEM values?
– For host vulnerability scanners, do we require agents to be installed on each host?
– Do changes to the firewall need authorization and are the changes logged?
– Is sensitive cardholder data securely disposed of when no longer needed?
– Have we had a vulnerability scan?
– Why should we adopt a SIEM framework?
Zero-day Critical Criteria:
Differentiate Zero-day issues and assess and formulate effective operational and Zero-day strategies.
– What is the total cost related to deploying SIEM, including any consulting or professional services?
– Is SIEM Realistic, or are you setting yourself up for failure?
– Is Supporting SIEM documentation required?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the SIEM Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
SIEM External links:
Enterprise Threat Monitor – SAP IBM QRadar SIEM …
SIEM & Log Monitoring Software by Snare
Sweeps: Siem Reap 2017 – Landing Page | Travel + Leisure
Security information and event management External links:
A Guide to Security Information and Event Management
Analytics External links:
Google Analytics Solutions – Marketing Analytics & …
SHP: Strategic Healthcare Programs | Real-Time Analytics
Anti-virus External links:
Kaspersky Anti-Virus – Download
Anti-Virus/Anti-Spyware Solutions: Home Use
Apache Hadoop External links:
Apache Hadoop – Official Site
Big data External links:
ZestFinance.com: Machine Learning & Big Data …
Swiftly – Leverage big data to move your city
Event Hubs – Cloud big data solutions | Microsoft Azure
Chaos Communication Congress External links:
Schedule 34th Chaos Communication Congress
Chaos Communication Congress Pausenmusik – YouTube
23C3 (Chaos Communication Congress) WMV Video : …
Computer data storage External links:
Computer Data Storage Jobs, Employment | Indeed.com
ELSYM5 Manual | Computer Data Storage | Materials
Computer security External links:
Naked Security – Computer Security News, Advice and …
Report a Computer Security Vulnerability – TechNet …
Computer Security | Consumer Information
Computer virus External links:
Title: Computer Virus – Internet Speculative Fiction Database
Computer Viruses – AbeBooks
Data retention External links:
Data retention guidelines – Meta
led to multi-year data retention policies – wired.com
[PDF]XtraMath Data Retention Policy
Directory services External links:
“Directory Services cannot start” error message when …
Active Directory Lightweight Directory Services (AD …
North American Directory Services – Guest Directories
IT risk External links:
IT Risk Management Reporting & Connectors | …
Perform IT Risk Assessment to Improve Your Security Posture
Home | IT Risk Management
Log management External links:
syslog-ng – Open Source log management solution
Log Management And Analytics | vRealize Log Insight | VMware
Log Management & Analysis Software Made Easy | Logentries
Regulatory compliance External links:
Chemical Regulatory Compliance – ChemADVISOR, Inc.
What is regulatory compliance? – Definition from WhatIs.com
Brandywine Drumlabels – GHS Regulatory Compliance …
Security event manager External links:
LogLogic Security Event Manager | Tibco LogLogic
GE Digital Energy : CyberSentry SEM Security Event Manager
Security information management External links:
SIMS Software – Security Information Management …
[PDF]Security Information Management System – …
Threat External links:
Internet Security Threat Report 2017 | Symantec
ISIS, climate change top world threat list – CNNPolitics
Steel stocks shoot up on Trump’s tariff threat – Jul. 13, 2017
Vulnerability External links:
LNK remote code execution vulnerability: June 13, 2017
Vulnerability | Define Vulnerability at Dictionary.com
ATSDR – The Social Vulnerability Index (SVI) – Home Page