What is involved in SIEM
Find out what the related areas are that SIEM connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This checklist is not designed to give answers as such, but to engage the reader and lay out a SIEM thinking frame.
How far is your company on its SIEM journey?
Take this short survey to gauge your organization’s progress toward SIEM leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Start the Checklist
Below you will find a quick checklist designed to help you think about which SIEM related domains to cover and 142 essential critical questions to check off in that domain.
The following domains are covered:
SIEM, Security information and event management, Analytics, Anti-virus, Apache Hadoop, Big data, Chaos Communication Congress, Computer data storage, Computer security, Computer virus, Cyberwarfare, Data retention, Directory services, IT risk, Log management, Regulatory compliance, Security event manager, Security information management, Threat, Vulnerability, Zero-day:
SIEM Critical Criteria:
Devise SIEM goals and probe the present value of growth of SIEM.
– Does the SIEM task fit the client's priorities?
– Have all basic functions of SIEM been defined?
Security information and event management Critical Criteria:
Canvass Security information and event management engagements and adjust implementation of Security information and event management.
– How do we ensure that implementations of SIEM products are done in a way that ensures safety?
Analytics Critical Criteria:
Merge Analytics decisions and define what do we need to start doing with Analytics.
– If you have determined that compensation and benefits are not necessarily creating an incentive for your employees to stay with you, where do you look next?
– Do you see connections where one variable might affect another at the same or different level?
– Are there certain employees who have the right characteristics to be moved into sales?
– What are the key process differences between our most productive plants and others?
– How is employee commitment to the organization, and what can we do to address that?
– Is our employee rewards/recognition program more successful for certain functions?
– Does our performance rating system accurately reflect actual employee performance?
– Is pay by itself adequate to effectively attract, motivate, and retain employees?
– What percentage of the total workforce is contract, seasonal, or temporary?
– Which recruitment channels give us the candidates with the right profile?
– How do you pick an appropriate ETL tool or business analytics tool?
– How do you know which variables have an effect on the outcomes?
– Do you understand the parameters set by the algorithm?
– What are the best client side analytics tools today?
– What are the best social crm analytics tools?
– What are the objectives for voice analytics?
– What is the internal customer experience?
– Can We Really Predict Turnover?
– How do we retain talent?
Anti-virus Critical Criteria:
Consider Anti-virus goals and simulate teachings and consultations on quality process improvement of Anti-virus.
– For your SIEM project, identify and describe the business environment. Is there more than one layer to the business environment?
– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?
– Is anti-virus software installed on all computers/servers that connect to your network?
– What new services or functionality will be implemented next with SIEM?
– Is the anti-virus software package updated regularly?
Apache Hadoop Critical Criteria:
Merge Apache Hadoop tasks and adjust implementation of Apache Hadoop.
– Why is it important to have senior management support for a SIEM project?
– Is the SIEM organization completing tasks effectively and efficiently?
– Is a SIEM Team Work effort in place?
Big data Critical Criteria:
Face Big data risks and point out Big data tensions in leadership.
– From all data collected by your organization, what is approximately the share of external data (collected from external sources), compared to internal data (produced by your operations)?
– Do you see the need for actions in the area of standardisation (including both formal standards and the promotion of/agreement on de facto standards) related to your sector?
– Do you see the need to address the issues of data ownership or access to non-personal data (e.g. machine-generated data)?
– Which departments in your organization are involved in using data technologies and data analytics?
– Does big data threaten the traditional data warehouse business intelligence model stack?
– What are the legal risks in using Big Data/People Analytics in hiring?
– How does big data impact Data Quality and governance best practices?
– What would be needed to support collaboration on data sharing in your sector?
– How will systems and methods evolve to remove Big Data solution weaknesses?
– What new security and privacy challenges arise from new Big Data solutions?
– Can good algorithms, models, heuristics overcome Data Quality problems?
– Does your organization have a strategy on big data or data analytics?
– Does aggregation exceed permissible need to know about an individual?
– At which levels do you see the need for standardisation actions?
– With more data to analyze, can Big Data improve decision-making?
– More efficient all-to-all operations (similarities)?
– So how are managers using big data?
– Who is collecting what?
– How to use in practice?
Chaos Communication Congress Critical Criteria:
Study Chaos Communication Congress results and act on them.
– What are the record-keeping requirements of SIEM activities?
– How do we Improve SIEM service perception, and satisfaction?
– What will drive SIEM change?
Computer data storage Critical Criteria:
Guard Computer data storage engagements and finalize the present value of growth of Computer data storage.
– What business benefits will SIEM goals deliver if achieved?
– Are there recognized SIEM problems?
Computer security Critical Criteria:
Give examples of Computer security visions and display thorough understanding of the Computer security process.
– Think about the people you identified for your SIEM project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?
– Does your company provide end-user training to all employees on Cybersecurity, either as part of general staff training or specifically on the topic of computer security and company policy?
– Will the selection of a particular product limit the future choices of other computer security or operational modifications and improvements?
– Is Supporting SIEM documentation required?
– What are our SIEM Processes?
Computer virus Critical Criteria:
Probe Computer virus tactics and oversee Computer virus requirements.
– What sources do you use to gather information for a SIEM study?
– Are we Assessing SIEM and Risk?
Cyberwarfare Critical Criteria:
Guard Cyberwarfare governance and transcribe Cyberwarfare as tomorrow's backbone for success.
– At what point will vulnerability assessments be performed once SIEM is put into production (e.g., ongoing Risk Management after implementation)?
– Are we making progress, and are we making progress as SIEM leaders?
– Do SIEM rules make a reasonable demand on a user's capabilities?
Data retention Critical Criteria:
Study Data retention tasks and customize techniques for implementing Data retention controls.
– Traditional data protection principles include fair and lawful data processing; data collection for specified, explicit, and legitimate purposes; accurate and kept up-to-date data; data retention for no longer than necessary. Are additional principles and requirements necessary for IoT applications?
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a SIEM process. Ask yourself: are the records needed as inputs to the SIEM process available?
– What tools and technologies are needed for a custom SIEM project?
– Who will be responsible for documenting the SIEM requirements in detail?
Directory services Critical Criteria:
Shape Directory services failures and triple focus on important concepts of Directory services relationship management.
– What are the success criteria that will indicate that SIEM objectives have been met and the benefits delivered?
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to SIEM?
– What are all of our SIEM domains and what do they do?
IT risk Critical Criteria:
Shape IT risk management and frame using storytelling to create more compelling IT risk projects.
– Nearly all managers believe that their risks are the most important in the enterprise (or at least they say so) but whose risks really matter most?
– Old product plus new technology leads to new regulatory concerns, which could be an added burden; how do you deal with that?
– Does your company have a common risk and control framework or foundation that is used today across the company?
– In your opinion, how effective is your company at conducting the risk management activities?
– People risk: are people with appropriate skills available to help complete the project?
– Does your company have a formal IT risk framework and assessment process in place?
– How does your company report on its information and technology risk assessment?
– Does the IT Risk Management framework align to a three lines of defense model?
– Have you defined IT risk performance metrics that are monitored and reported?
– How good is the enterprise at performing the IT processes defined in COBIT?
– Can highly-effective IT Risk Management programs ever eliminate IT Risk?
– Do you have a common risk and control framework used across the company?
– Which risks are managed or monitored in the scope of the ITRM function?
– Who performs your company's information and technology risk assessments?
– How much money should be invested in technical security measures?
– To what extent are you involved in ITRM at your company?
– Does the board have a manual and operating procedures?
– What drives the timing of your risk assessments?
– What triggers a risk assessment?
Log management Critical Criteria:
Probe Log management risks and pay attention to the small things.
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these SIEM processes?
– What is the purpose of SIEM in relation to the mission?
– What is Effective SIEM?
Regulatory compliance Critical Criteria:
Judge Regulatory compliance projects and modify and define the unique characteristics of interactive Regulatory compliance projects.
– Does SIEM include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
– In the case of public clouds, will the hosting service provider meet their regulatory compliance requirements?
– Regulatory compliance: Is the cloud vendor willing to undergo external audits and/or security certifications?
– What tools do you use once you have decided on a SIEM strategy and more importantly how do you choose?
– What vendors make products that address the SIEM needs?
– What is Regulatory Compliance?
– What threat is SIEM addressing?
Security event manager Critical Criteria:
Steer Security event manager goals and remodel and develop an effective Security event manager strategy.
– What will be the consequences to the business (financial, reputation etc) if SIEM does not go ahead or fails to deliver the objectives?
– Does SIEM create potential expectations in other areas that need to be recognized and considered?
– How do we manage SIEM Knowledge Management (KM)?
Security information management Critical Criteria:
Sort Security information management quality and question.
– What are the top 3 things at the forefront of our SIEM agendas for the next 3 years?
– Do we monitor the SIEM decisions made and fine tune them as they evolve?
– How will you know that the SIEM project has been successful?
Threat Critical Criteria:
Mine Threat quality and question.
– How hard is it for an intruder to steal confidential data from the cloud provider's systems (external threat)?
– Is there a person at your organization who coordinates responding to threats and recovering from them?
– How can you tell if the actions you plan to take will contain the impact of a potential cyber threat?
– Is cloud computing a threat to the real sense of ownership?
– How do you assess threats to your system and assets?
– Can we adapt to a changing threat environment?
– What can be done to mitigate threats?
– What threat is this space addressing?
– How are our assets threatened?
– What are my security threats?
Vulnerability Critical Criteria:
Weigh in on Vulnerability risks and create Vulnerability explanations for all managers.
– Is it prohibited to store the full contents of any track from the magnetic stripe (on the back of the card, in a chip, etc.) in the database, log files, or point-of-sale products?
– Are security alerts from the intrusion detection or intrusion prevention system (IDS/IPS) continuously monitored, and are the latest IDS/IPS signatures installed?
– Are all production systems (servers and network components) hardened by removing all unnecessary services and protocols installed by the default configuration?
– Is there an account-lockout mechanism that blocks a malicious user from obtaining access to an account by multiple password retries or brute force?
– When authenticating over the internet, is the application designed to prevent malicious users from trying to determine existing user accounts?
– Are all router, switches, wireless access points, and firewall configurations secured and do they conform to documented security standards?
– Are transmissions of sensitive cardholder data encrypted over public networks through the use of SSL or other industry-acceptable methods?
– If wireless technology is used, do you restrict access to wireless access points, wireless gateways, and wireless handheld devices?
– Are all user accounts reviewed on a regular basis to ensure that malicious, out-of-date, or unknown accounts do not exist?
– Is a security incident response plan formally documented and disseminated to the appropriate responsible parties?
– Does the provider extend their vulnerability and configuration management process to the virtualization platform?
– Are all but the last four digits of the account number masked when displaying cardholder data?
– Is access to payment card account numbers restricted for users on a need-to-know basis?
– Regarding the SaaS system requirement for invoicing, what is involved in this process?
– WEP keys, SSID, passwords, SNMP community strings, disabling SSID broadcasts)?
– Do you or any third parties conduct any penetration & vulnerability testing?
– Can we take exceptions to the standard contract (Exhibit D)?
– What is the likelihood that a compromise will occur?
– How do we compare outside our industry?
Zero-day Critical Criteria:
Start Zero-day risks and point out Zero-day tensions in leadership.
– Do the SIEM decisions we make today help people and the planet tomorrow?
– How do we know that any SIEM analysis is complete and comprehensive?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the SIEM Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
SIEM External links:
SIEM & Log Monitoring Software by Snare
Security information and event management External links:
A Guide to Security Information and Event Management
Analytics External links:
Google Analytics Solutions – Marketing Analytics & …
CertifiedAnalytics – Official Site
Anti-virus External links:
Kaspersky Anti-Virus 2018
Apache Hadoop External links:
Apache Hadoop open source ecosystem | Cloudera
Hortonworks Apache Hadoop and Big Data Certifications
Apache Hadoop training from Cloudera University
Big data External links:
Event Hubs – Cloud big data solutions | Microsoft Azure
Take 5 Media Group – Build an audience using big data
Chaos Communication Congress External links:
Chaos Communication Congress Pausenmusik – YouTube
CCC | Chaos Communication Congress is moving to Leipzig
MAKE @ 24C3 – 24th Chaos Communication Congress
Computer data storage External links:
Dell Computer Data Storage & Backup Devices | Dell …
Computer Data Storage Options – Ferris State University
Computer Data Storage Jobs, Employment | Indeed.com
Computer security External links:
[PDF]Computer Security Incident Handling Guide – …
Best Computer Security Software | 2018 Reviews of the …
Computer Security Flashcards | Quizlet
Computer virus External links:
FixMeStick | The Leading Computer Virus Cleaner
Don’t fall for this computer virus scam! – May. 12, 2017
Cyberwarfare External links:
Cyberwarfare – The New York Times
Data retention External links:
[PDF]data retention policy – LandStar Tile Agency Inc.
http://www.landstartitle.net/Disclosures/data retention policy.pdf
[DOC]Data Retention Policy – hr.waddell.com
[PDF]XtraMath Data Retention Policy
Directory services External links:
North American Directory Services – Guest Directories
Directory Services | Duke University OIT
UC Directory Services
IT risk External links:
IT Risk Management and Compliance Solutions | Telos
Log management External links:
Graylog | Open Source Log Management
Log Analysis | Log Management by Loggly
SP 800-92, Guide to Computer Security Log Management …
Regulatory compliance External links:
Regulatory Compliance Certification School | CUNA
Certified Regulatory Compliance Manager (CRCM)
Security event manager External links:
LogLogic Security Event Manager | Tibco LogLogic
GE Digital Energy : CyberSentry SEM Security Event Manager
Security information management External links:
Physical Security Information Management – PSIM Software
SIMS Software – Security Information Management …
Threat External links:
Insider Threat Awareness – USALearning
Insider Threat Awareness
NTAC – National Threat Assessment Center
Vulnerability External links:
GRC | ShieldsUP! — Internet Vulnerability Profiling
Meltdown and Spectre Side-Channel Vulnerability …
ATSDR – The Social Vulnerability Index (SVI) – Home Page
Zero-day External links:
Email Spam and Zero-Day Malware Filter | SpamStopsHere
Polyverse | Moving Target Defense, Zero-Day & Cyber …