Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
By Scott Gordon
()
About this ebook
Applying a top 10 best practices approach to leverage security information event management (SIEM), this e-book offers infosec professionals the means to gain more assured value from SIEM. Whether seeking to streamline incident response, automate compliance processes, better manage security and operational risk, or build out deployments, examine key process, metrics and technology considerations.
Scott Gordon
Scott Gordon is a successful children's book author, with over two hundred books to his credit. He also writes science fiction, fantasy and horror under the pen name S.E. Gordon.
Read more from Scott Gordon
Alphabet All-Stars Rating: 0 out of 5 stars0 ratingsHappy New Year Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars: Be Safe This Halloween: Alphabet All-Stars Rating: 5 out of 5 stars5/5Scaredy-Monster Rating: 0 out of 5 stars0 ratingsAlphabet All-Stars: Colorful Cards: Alphabet All-Stars Rating: 0 out of 5 stars0 ratings
Related to Operationalizing Information Security
Related ebooks
NIST Cybersecurity Framework: A pocket guide Rating: 0 out of 5 stars0 ratingsInformation Security for Small and Midsized Businesses Rating: 0 out of 5 stars0 ratingsBuilding Effective Cybersecurity Programs: A Security Manager’s Handbook Rating: 4 out of 5 stars4/5Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices Rating: 4 out of 5 stars4/5Security Assessment and Testing: CISSP, #6 Rating: 2 out of 5 stars2/5Security Engineering: CISSP, #3 Rating: 0 out of 5 stars0 ratingsModern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsSecurity Operations Center - SIEM Use Cases and Cyber Threat Intelligence Rating: 0 out of 5 stars0 ratingsInfosec Management Fundamentals Rating: 5 out of 5 stars5/5Cloud Security and Governance: Who's on your cloud? Rating: 1 out of 5 stars1/5The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsAsset Security: CISSP, #2 Rating: 0 out of 5 stars0 ratingsInformation Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratingsComputer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5Information Protection Playbook Rating: 0 out of 5 stars0 ratingsStart-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit Rating: 0 out of 5 stars0 ratingsAuthorizing Official Handbook: for Risk Management Framework (RMF) Rating: 0 out of 5 stars0 ratingsCyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Enterprise Security: A Data-Centric Approach to Securing the Enterprise Rating: 0 out of 5 stars0 ratingsBuilding a Practical Information Security Program Rating: 5 out of 5 stars5/5The Certified Ethical Hacker Exam - version 8 (The concise study guide) Rating: 3 out of 5 stars3/5Security Operations: CISSP, #7 Rating: 0 out of 5 stars0 ratingsSoftware Development Security: CISSP, #8 Rating: 0 out of 5 stars0 ratingsCISSP Exam Study Guide: NIST Framework, Digital Forensics & Cybersecurity Governance Rating: 5 out of 5 stars5/5Cyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsApplication Security in the ISO27001 Environment Rating: 0 out of 5 stars0 ratingsAlice and Bob Learn Application Security Rating: 0 out of 5 stars0 ratings
Security For You
Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Blockchain Basics: A Non-Technical Introduction in 25 Steps Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsNetwork+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsHacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsRemote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry Rating: 4 out of 5 stars4/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5CompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5The Pentester BluePrint: Starting a Career as an Ethical Hacker Rating: 4 out of 5 stars4/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5
Reviews for Operationalizing Information Security
0 ratings0 reviews
Book preview
Operationalizing Information Security - Scott Gordon
Operationizing Information Security - Putting the Top 10 SIEM Best Practices To Work
Processes, Metrics and Technologies
By Scott Gordon
Copyright 2010 Scott Gordon
ISBN 978-0-615-43366-0
Smashwords Edition
~~~~
Introduction
"Ask any security practitioner about their holy grail and the answer is twofold: They want one alert specifying exactly what is broken, on just the relevant events, with the ability to learn the extent of the damage. They need to pare down billions of events into actionable information. Second, they want to make the auditor go away as quickly and painlessly as possible, which requires them to streamline both the preparation and presentation aspects of the audit process. SIEM and Log Management tools have emerged to address these needs and continue to generate a tremendous amount of interest in the market, given the compelling use cases for the technologies.
Michael Rothman, Security Industry Analyst and President of Securosis ¹
The use of Security Information and Event Management (SIEM ²) as part of an integrated security management program is an information security best practice. The SIEM market category, beyond basic event logging, has been around since circa 1990’s. Whether referring to security event management, security information management, log management systems or more modern combined industry solutions, SIEM user requirements and operational considerations have evolved. How can one ensure successful SIEM implementation and on-going improvement, while at the same time further optimize resources and accelerate return on investment?
This e-book provides guidance to operationalize information security and put the top 10 SIEM best practices to work. Rather than an exhaustive examination of SIEM, the purpose is to offer pertinent insights and details with regards to how IT organizations and information security professionals can gain more assured value from SIEM.
Whether seeking to streamline incident response, automate audit and compliance processes, better manage security and business risks, or build out your deployed SIEM - this e-book presents process, metrics and technology considerations relative to SIEM implementation and security operations.
Each of the ten chapters referenced in the Table of Contents below offers:
Overview and Highlight Processes: topic introduction, process considerations, exploring operational concerns, getting results, and avoiding common pitfalls
Recommended Metrics: the more popular SIEM dashboards, reports, alerting and related operational measurements to support security operations, incident response and compliance
Technology considerations: sources, controls and related SIEM functionality
Whether seeking to streamline incident response, automate audit and compliance processes, better manage security and business risks, or build out your deployed SIEM - this e-book presents process, metrics and technology considerations relative to SIEM implementation and security operations.
Table of Contents
Chapter 1 - What is a SIEM and What are the Top Ten SIEM Best Practices
Chapter 2 - SIEM Best Practice #1 – Monitoring and reporting requirements
Chapter 3 - SIEM Best Practice #2 – Deployment and infrastructure activation
Chapter 4 - SIEM Best Practice #3 – Compliance and audit data requirements
Chapter 5 - SIEM Best Practice #4 – Access controls
Chapter 6 - SIEM Best Practice #5 – Boundary defenses
Chapter 7 - SIEM Best Practice #6 – Network and system resource integrity
Chapter 8 - SIEM Best Practice #7 – Network and host defenses
Chapter 9 - SIEM Best Practice #8 – Malware control
Chapter 10 - SIEM Best Practice #9 – Application defenses
Chapter 11 - SIEM Best Practice #10 – Acceptable Use
Chapter 12 - Conclusion
Chapter 13 - Author, Acknowledgements, References, Use and Copyrights
Note 1 - Securosis, Understanding and Selecting SIEM and Log Management
August, 2010, www.securiosis.com
Note 2 - Within this document, log management functionality and reference will be subsumed by the term SIEM.
~~~~
Chapter 1:
What is a