A Novel and Comprehensive Evaluation Methodology for SIEM

  • Mahdieh Safarzadeh
  • Hossein Gharaee
  • Amir Hossein Panahi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)


Many SIEM products have been produced, but there is no comprehensive methodology for evaluating them. We present a novel and comprehensive three-dimensional methodology to evaluate SIEM products. We treat a SIEM product as a set of dimensions, namely capability, architectural component, and common feature, and then subdivide each dimension, according to its definition, into sub-dimensions. We then develop multiple criteria for evaluating each sub-dimension. The dimensions can differ in their impact on and importance to a SIEM product; to express the magnitude of that impact and importance for each dimension, we use a factor called the impact factor. We also assign impact factors to each sub-dimension and each criterion. Because there are different methods, algorithms, and standards for developing the criteria, we provide maturity levels for each criterion. The results of the evaluations show that this methodology can evaluate criteria coverage and the completeness and correctness of criteria, and can also determine the superiority of criteria in SIEM products.


Keywords: Security information and event management; SIEM evaluation methodology; SIEM evaluation; SIEM maturity; SIEM capabilities



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Mahdieh Safarzadeh (1)
  • Hossein Gharaee (1)
  • Amir Hossein Panahi (1)
  1. Iran Telecommunication Research Center, Tehran, Iran
