Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
By Scott Gordon
()
About this ebook
Applying a top 10 best practices approach to leverage security information event management (SIEM), this e-book offers infosec professionals the means to gain more assured value from SIEM. Whether seeking to streamline incident response, automate compliance processes, better manage security and operational risk, or build out deployments, examine key process, metrics and technology considerations.
Scott Gordon
Scott Gordon is a successful children's book author, with over two hundred books to his credit. He also writes science fiction, fantasy and horror under the pen name S.E. Gordon.
Read more from Scott Gordon
Alphabet All-Stars Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars: Be Safe This Halloween: Alphabet All-Stars Rating: 5 out of 5 stars5/5Happy New Year Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars Flashcards (Fruits and Vegetables): Alphabet All-Stars Rating: 0 out of 5 stars0 ratingsA Little Book About You Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars: Colorful Cards: Alphabet All-Stars Rating: 0 out of 5 stars0 ratings
Related to Operationalizing Information Security
Related ebooks
Information Security for Small and Midsized Businesses Rating: 0 out of 5 stars0 ratingsSecurity Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices Rating: 4 out of 5 stars4/5Authorizing Official Handbook: for Risk Management Framework (RMF) Rating: 0 out of 5 stars0 ratingsModern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsNIST Cybersecurity Framework: A pocket guide Rating: 0 out of 5 stars0 ratingsSecurity Assessment and Testing: CISSP, #6 Rating: 2 out of 5 stars2/5Infosec Management Fundamentals Rating: 5 out of 5 stars5/5Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Security Engineering: CISSP, #3 Rating: 0 out of 5 stars0 ratingsSecurity Operations Center - SIEM Use Cases and Cyber Threat Intelligence Rating: 0 out of 5 stars0 ratingsSoftware Development Security: CISSP, #8 Rating: 0 out of 5 stars0 ratingsSecurity Operations: CISSP, #7 Rating: 0 out of 5 stars0 ratingsCyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk Rating: 0 out of 5 stars0 ratingsInformation Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsAsset Security: CISSP, #2 Rating: 0 out of 5 stars0 ratingsStart-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit Rating: 0 out of 5 stars0 ratingsAsset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations Rating: 0 out of 5 stars0 ratingsComputer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5Building a Practical Information Security Program Rating: 5 out of 5 stars5/5Building Effective Cybersecurity Programs: A Security Manager’s Handbook Rating: 4 out of 5 stars4/5Cloud Security and Governance: Who's on your cloud? Rating: 1 out of 5 stars1/5Nine Steps to Success: An ISO27001:2013 Implementation Overview Rating: 1 out of 5 stars1/5Cyber Intelligence-Driven Risk: How to Build and Use Cyber Intelligence for Business Risk Decisions Rating: 0 out of 5 stars0 ratingsRisk Management and Information Systems Control Rating: 5 out of 5 stars5/5The Certified Ethical Hacker Exam - version 8 (The concise study guide) Rating: 3 out of 5 stars3/5Designing and Building Security Operations Center Rating: 3 out of 5 stars3/5Use of Cyber Threat Intelligence in Security Operation Center Rating: 0 out of 5 stars0 ratingsInformation Protection Playbook Rating: 0 out of 5 stars0 ratings
Security For You
Wireless Hacking 101 Rating: 4 out of 5 stars4/5Game Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega Rating: 0 out of 5 stars0 ratingsHacking For Dummies Rating: 4 out of 5 stars4/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsNetwork+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsSocial Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Stealing The Network: How to Own the Box Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5
Reviews for Operationalizing Information Security
0 ratings0 reviews
Book preview
Operationalizing Information Security - Scott Gordon
Operationizing Information Security - Putting the Top 10 SIEM Best Practices To Work
Processes, Metrics and Technologies
By Scott Gordon
Copyright 2010 Scott Gordon
ISBN 978-0-615-43366-0
Smashwords Edition
~~~~
Introduction
"Ask any security practitioner about their holy grail and the answer is twofold: They want one alert specifying exactly what is broken, on just the relevant events, with the ability to learn the extent of the damage. They need to pare down billions of events into actionable information. Second, they want to make the auditor go away as quickly and painlessly as possible, which requires them to streamline both the preparation and presentation aspects of the audit process. SIEM and Log Management tools have emerged to address these needs and continue to generate a tremendous amount of interest in the market, given the compelling use cases for the technologies.
Michael Rothman, Security Industry Analyst and President of Securosis ¹
The use of Security Information and Event Management (SIEM ²) as part of an integrated security management program is an information security best practice. The SIEM market category, beyond basic event logging, has been around since circa 1990’s. Whether referring to security event management, security information management, log management systems or more modern combined industry solutions, SIEM user requirements and operational considerations have evolved. How can one ensure successful SIEM implementation and on-going improvement, while at the same time further optimize resources and accelerate return on investment?
This e-book provides guidance to operationalize information security and put the top 10 SIEM best practices to work. Rather than an exhaustive examination of SIEM, the purpose is to offer pertinent insights and details with regards to how IT organizations and information security professionals can gain more assured value from SIEM.
Whether seeking to streamline incident response, automate audit and compliance processes, better manage security and business risks, or build out your deployed SIEM - this e-book presents process, metrics and technology considerations relative to SIEM implementation and security operations.
Each of the ten chapters referenced in the Table of Contents below offers:
Overview and Highlight Processes: topic introduction, process considerations, exploring operational concerns, getting results, and avoiding common pitfalls
Recommended Metrics: the more popular SIEM dashboards, reports, alerting and related operational measurements to support security operations, incident response and compliance
Technology considerations: sources, controls and related SIEM functionality
Whether seeking to streamline incident response, automate audit and compliance processes, better manage security and business risks, or build out your deployed SIEM - this e-book presents process, metrics and technology considerations relative to SIEM implementation and security operations.
Table of Contents
Chapter 1 - What is a SIEM and What are the Top Ten SIEM Best Practices
Chapter 2 - SIEM Best Practice #1 – Monitoring and reporting requirements
Chapter 3 - SIEM Best Practice #2 – Deployment and infrastructure activation
Chapter 4 - SIEM Best Practice #3 – Compliance and audit data requirements
Chapter 5 - SIEM Best Practice #4 – Access controls
Chapter 6 - SIEM Best Practice #5 – Boundary defenses
Chapter 7 - SIEM Best Practice #6 – Network and system resource integrity
Chapter 8 - SIEM Best Practice #7 – Network and host defenses
Chapter 9 - SIEM Best Practice #8 – Malware control
Chapter 10 - SIEM Best Practice #9 – Application defenses
Chapter 11 - SIEM Best Practice #10 – Acceptable Use
Chapter 12 - Conclusion
Chapter 13 - Author, Acknowledgements, References, Use and Copyrights
Note 1 - Securosis, Understanding and Selecting SIEM and Log Management
August, 2010, www.securiosis.com
Note 2 - Within this document, log management functionality and reference will be subsumed by the term SIEM.
~~~~
Chapter 1:
What is a