Maintaining proactive monitoring of a technical and functional infrastructure is a continuing challenge for executives and professionals in information security. Developing the ability to anticipate events and demanding IT insecurity scenarios are permanent tests that question even the more elaborate models for the protection of information. In this context, having the security-alert information generated in different parts of our infrastructure, and knowing firsthand the security events that occur through the constant interaction of different systems and their participants, are urgent needs for proper information security management today.

For this reason, David Miller, Allan Sharper, Chris Blask and Stephen VanDyke present in this book a strategic and tactical review of deployment systems for monitoring, control and security event correlation, with the aim of building incident-response capacity and proactive alerting, and of providing information security managers with a more active posture against the challenges of complex attacks and failures of the available IT.

Security Information and Event Management Implementation presents an analysis of major monitoring and event correlation solutions, such as OSSIM, Cisco MARS, ArcSight and Q1 Labs QRadar. For each solution, the book details its technical characteristics and the key elements for implementation, with special emphasis on specific configuration considerations.

Similarly, there is a section in which the authors present the elements needed to develop business intelligence from security information and event management (SIEM) solutions: understanding and analyzing the changes and evolution of infrastructure and information systems, integrating information from different sources, and supporting compliance and an effective security posture.

The book can be useful for specialists in information security as well as for information systems auditors, as it allows readers to develop and review policy frameworks to ensure reliable operation with known levels of traceability and control.

IT managers and information security executives facing national and international regulatory and compliance requirements, as well as those who are required to maintain a proactive position to anticipate potential security incidents, will find in this publication SIEM practices and concrete tools for protecting enterprise information in an open and interconnected environment.

Editor's Note: Security Information and Event Management Implementation is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail [email protected] or telephone +1.847.660.5650. ISACA has issued Security Information and Event Management: Business Benefits and Security, Governance and Assurance Perspective, a white paper available at www.isaca.org/whitepapers.

By David Miller, Allan Sharper, Stephen VanDyke and Chris Blask

Reviewed by Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS, distinguished professor in the law department of the Universidad de los Andes, Colombia. He has been a practitioner and researcher in information and computer security and in computer forensics for more than 15 years in different industries. Cano is a member of ISACA's Publications Subcommittee.

Security Information and Event Management Implementation

ISACA Journal Volume 4, 2011


Do you have something to say about this article? Visit the Journal pages of the ISACA web site (www.isaca.org/journal), find the article, and choose the Comments tab to share your thoughts.