Abstract
To achieve their business objectives, to stay competitive and to operate legally, modern organizations of all types (e.g. commercial enterprises, government agencies, not-for-profit organizations), sizes and spheres of activity need to satisfy a large number of internal and external requirements. Meeting them is called compliance, which means conforming to a rule, such as a specification, procedure, policy, standard, law, etc. These organizations need to protect valuable assets, ensure uninterrupted business operation (processes), maintain reliable data and deliver differentiated quality of service (QoS) to various groups of users. They also need to protect their clients and employees not only inside but also outside the organization itself, which gave rise to two new terms: teleworking and telecommuting. According to Gartner, by 2020, 30% of global enterprises will have been directly compromised by an independent group of cybercriminals or cyberactivists. And in 60% of network breaches, hackers compromise the network within minutes, says Verizon in the 2015 Data Breach Investigations Report. An integrated system for managing an organization's intranet security is therefore required as never before. The data collected and analyzed within such a system should be evaluated online from the viewpoint of any information security (IS) incident: to find its source, determine its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. A brief analysis of the concept and evolution of Security Information and Event Management (SIEM) systems and of their usage in Security Operations Centers and Security Intelligence Centers for intranet IS management is presented.
References
ISO/IEC 27000: Information technology – Security techniques – Information security management systems – Overview and vocabulary (2016)
IBM Corporation: IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager. 2nd edn. (2010). http://www.redbooks.ibm.com/abstracts/sg247530.html?Open. Accessed 05 June 2017
Techtarget: Security information and event management (SIEM) (2014). http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM. Accessed 05 June 2017
Scarfone, K.: Introduction to SIEM services and products (2015). http://searchsecurity.techtarget.com/feature/Introduction-to-SIEM-services-and-products. Accessed 05 June 2017
Miller, D., Harris, S., Harper, A., VanDyke, S.: Security Information and Event Management (SIEM) Implementation. McGraw-Hill, New York (2010). 464 p.
Miloslavskaya, N.G., Senatorov, M.Y., Tolstoy, A.I.: Information Security Incident and Business Continuity Management. Information Security Management Issues Series (5 volumes), 2nd edn., vol. 3. Goriachaja linia-Telecom, Moscow (2014). 170 p. (in Russian)
Verizon: Data Breach Investigations Report (2015). http://www.verizonenterprise.com/DBIR/2015/. Accessed 05 June 2017
Acknowledgments
This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).
© 2018 Springer International Publishing AG
Miloslavskaya, N. (2018). Analysis of SIEM Systems and Their Usage in Security Operations and Security Intelligence Centers. In: Samsonovich, A., Klimov, V. (eds) Biologically Inspired Cognitive Architectures (BICA) for Young Scientists. BICA 2017. Advances in Intelligent Systems and Computing, vol 636. Springer, Cham. https://doi.org/10.1007/978-3-319-63940-6_40
DOI: https://doi.org/10.1007/978-3-319-63940-6_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-63939-0
Online ISBN: 978-3-319-63940-6