Study of the Enterprise Security Manager / Security Incident Manager (ESM / SIM)

Chol, Emmanuel

doi:doi:10.7939/r3-nshs-wh14

View

Download

Communities and Collections

Concordia University of Edmonton / Master of Information Systems Security Management (MISSM) and Master of Information Systems Assurance Management (MISAM) Project Reports (Concordia University of Edmonton)

Usage

87 views
63 downloads

Study of the Enterprise Security Manager / Security Incident Manager (ESM / SIM)

Author(s) / Creator(s)
- Chol, Emmanuel
The Enterprise Security Manager / Security Incident Manager (ESM / SIM) solutions were developed to enhance security. They are also called Security Information and Event Management (SIEM) from the merge of Security Event Manager (SEM) and SIM products. Such products were developed in order to solve difficulties. These ones resided in the fact of handling logs data from heterogeneous and independent sources spread across the company.
The idea was to collect and centralize data to process it using correlation methods, processes that could increase the detection of anomaly up to 35%. These operations save time and increase the accuracy of security alerts. The cost of data analysis was reduced by more than 50% by the ESM / SIM users. Also a Managed Security Services Provider company claimed that, its incident count decreased by 70%, its incident management labour decreased by 80% and the reporting time requirement decreased by 83%.
Moreover, recent security laws, like the Sarbanes Oxley Act, led company to follow security compliances in order to provide evidence to business partners and stakeholders. The
review of Security Information Management Tools article stated that through the three past years the SIM products gain ease of installation and use. Some products are bounded on
systems or appliances which could encourage companies to try and install them. North American companies showed a strong interest on ESM / SIM solutions, 30% planned to
implement such a solution in 2006.
The following study will rely on brochures, demonstrations, datasheets and manuals describing the ESM / SIM solutions. Each section of the outline will describe a panel of available methods. The Open Source Security Information Management (OSSIM) solution will be used to see an ESM / SIM in action [6]. Some correlation rules and console outputs
will be showed. It will provide an insight on the logs and alerts management and also on data correlation.
Date created

2007-01-04
Subjects / Keywords
Type of Item

Research Material
DOI

https://doi.org/10.7939/r3-nshs-wh14
License

Attribution-NonCommercial 4.0 International

Language
- English