Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
By Scott Gordon
()
About this ebook
Applying a top 10 best practices approach to leverage security information event management (SIEM), this e-book offers infosec professionals the means to gain more assured value from SIEM. Whether seeking to streamline incident response, automate compliance processes, better manage security and operational risk, or build out deployments, examine key process, metrics and technology considerations.
Scott Gordon
Scott Gordon is a successful children's book author, with over two hundred books to his credit. He also writes science fiction, fantasy and horror under the pen name S.E. Gordon.
Read more from Scott Gordon
Alphabet All-Stars Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars: Be Safe This Halloween: Alphabet All-Stars Rating: 5 out of 5 stars5/5Happy New Year Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars: Colorful Cards: Alphabet All-Stars Rating: 0 out of 5 stars0 ratingsMy Crazy Pet Frog: I Gave My Pizza A Spanking: My Crazy Pet Frog Rating: 0 out of 5 stars0 ratings
Related to Operationalizing Information Security
Related ebooks
NIST Cybersecurity Framework: A pocket guide Rating: 0 out of 5 stars0 ratingsAsset Security: CISSP, #2 Rating: 0 out of 5 stars0 ratingsBuilding Effective Cybersecurity Programs: A Security Manager’s Handbook Rating: 4 out of 5 stars4/5Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices Rating: 4 out of 5 stars4/5Modern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsSecurity Engineering: CISSP, #3 Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsSecurity Operations Center - SIEM Use Cases and Cyber Threat Intelligence Rating: 0 out of 5 stars0 ratingsSecurity Assessment and Testing: CISSP, #6 Rating: 2 out of 5 stars2/5Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5Information Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratingsEnterprise Security: A Data-Centric Approach to Securing the Enterprise Rating: 0 out of 5 stars0 ratingsAuthorizing Official Handbook: for Risk Management Framework (RMF) Rating: 0 out of 5 stars0 ratingsInfosec Management Fundamentals Rating: 5 out of 5 stars5/5Software Development Security: CISSP, #8 Rating: 0 out of 5 stars0 ratingsBuilding a Practical Information Security Program Rating: 5 out of 5 stars5/5Security Operations: CISSP, #7 Rating: 0 out of 5 stars0 ratingsCyber Intelligence-Driven Risk: How to Build and Use Cyber Intelligence for Business Risk Decisions Rating: 0 out of 5 stars0 ratingsInformation Security for Small and Midsized Businesses Rating: 0 out of 5 stars0 ratingsCyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk Rating: 0 out of 5 stars0 ratingsApplication Security in the ISO27001 Environment Rating: 0 out of 5 stars0 ratingsRisk Management Framework: A Lab-Based Approach to Securing Information Systems Rating: 2 out of 5 stars2/5Identity and Access Management: CISSP, #5 Rating: 0 out of 5 stars0 ratingsNine Steps to Success: An ISO27001:2013 Implementation Overview Rating: 1 out of 5 stars1/5Framework for SCADA Cybersecurity Rating: 5 out of 5 stars5/5Secure Your Business: Insights to Governance, Risk, Compliance & Information Security Rating: 0 out of 5 stars0 ratingsRisk Management and Information Systems Control Rating: 5 out of 5 stars5/5Designing and Building Security Operations Center Rating: 3 out of 5 stars3/5
Security For You
Destination CISSP Rating: 3 out of 5 stars3/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCybersecurity All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsHacking For Dummies Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Handbook of Digital Forensics and Investigation Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5
Reviews for Operationalizing Information Security
0 ratings0 reviews
Book preview
Operationalizing Information Security - Scott Gordon
Operationizing Information Security - Putting the Top 10 SIEM Best Practices To Work
Processes, Metrics and Technologies
By Scott Gordon
Copyright 2010 Scott Gordon
ISBN 978-0-615-43366-0
Smashwords Edition
~~~~
Introduction
"Ask any security practitioner about their holy grail and the answer is twofold: They want one alert specifying exactly what is broken, on just the relevant events, with the ability to learn the extent of the damage. They need to pare down billions of events into actionable information. Second, they want to make the auditor go away as quickly and painlessly as possible, which requires them to streamline both the preparation and presentation aspects of the audit process. SIEM and Log Management tools have emerged to address these needs and continue to generate a tremendous amount of interest in the market, given the compelling use cases for the technologies.
Michael Rothman, Security Industry Analyst and President of Securosis ¹
The use of Security Information and Event Management (SIEM ²) as part of an integrated security management program is an information security best practice. The SIEM market category, beyond basic event logging, has been around since circa 1990’s. Whether referring to security event management, security information management, log management systems or more modern combined industry solutions, SIEM user requirements and operational considerations have evolved. How can one ensure successful SIEM implementation and on-going improvement, while at the same time further optimize resources and accelerate return on investment?
This e-book provides guidance to operationalize information security and put the top 10 SIEM best practices to work. Rather than an exhaustive examination of SIEM, the purpose is to offer pertinent insights and details with regards to how IT organizations and information security professionals can gain more assured value from SIEM.
Whether seeking to streamline incident response, automate audit and compliance processes, better manage security and business risks, or build out your deployed SIEM - this e-book presents process, metrics and technology considerations relative to SIEM implementation and security operations.
Each of the ten chapters referenced in the Table of Contents below offers:
Overview and Highlight Processes: topic introduction, process considerations, exploring operational concerns, getting results, and avoiding common pitfalls
Recommended Metrics: the more popular SIEM dashboards, reports, alerting and related operational measurements to support security operations, incident response and compliance
Technology considerations: sources, controls and related SIEM functionality
Whether seeking to streamline incident response, automate audit and compliance processes, better manage security and business risks, or build out your deployed SIEM - this e-book presents process, metrics and technology considerations relative to SIEM implementation and security operations.
Table of Contents
Chapter 1 - What is a SIEM and What are the Top Ten SIEM Best Practices
Chapter 2 - SIEM Best Practice #1 – Monitoring and reporting requirements
Chapter 3 - SIEM Best Practice #2 – Deployment and infrastructure activation
Chapter 4 - SIEM Best Practice #3 – Compliance and audit data requirements
Chapter 5 - SIEM Best Practice #4 – Access controls
Chapter 6 - SIEM Best Practice #5 – Boundary defenses
Chapter 7 - SIEM Best Practice #6 – Network and system resource integrity
Chapter 8 - SIEM Best Practice #7 – Network and host defenses
Chapter 9 - SIEM Best Practice #8 – Malware control
Chapter 10 - SIEM Best Practice #9 – Application defenses
Chapter 11 - SIEM Best Practice #10 – Acceptable Use
Chapter 12 - Conclusion
Chapter 13 - Author, Acknowledgements, References, Use and Copyrights
Note 1 - Securosis, Understanding and Selecting SIEM and Log Management
August, 2010, www.securiosis.com
Note 2 - Within this document, log management functionality and reference will be subsumed by the term SIEM.
~~~~
Chapter 1:
What is a