20ODMBT722 - ISM Done
II
Answer: Security information management is a type of software that automates the collection of event
log data from security devices, such as firewalls, proxy servers, intrusion-detection systems and
anti-virus software. The short form of Security information management is SIM. The SIM translates the
logged data into correlated and simplified formats. Many SIM architectures provide security reporting
and analysis for Sarbanes-Oxley, HIPAA, Basel II, FISMA and Visa CISP compliance audits.
A SIM automates collection and analysis of information from all the security components in a network.
Rather than having to look at logs and alerts from firewall, IDS, anti-virus, VPN, and other security
systems, a security manager can obtain all of this information from a single SIM console. Some SIMs
simply aggregate reports from these various components; others correlate the information to improve the
quality of overall security information.
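
The difference between aggregating and correlating, shown as an added example that is not part of the original document. The three log formats, field names, addresses and the five-minute window are constructed assumptions, not the output or behaviour of any real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in three made-up device formats (not real product output).
SAMPLE_LOGS = [
    ("firewall", "2024-05-01T10:00:05 DENY src=203.0.113.7 dst=10.0.0.5 dport=22"),
    ("ids", "2024-05-01T10:00:40 alert sig=ssh-bruteforce from 203.0.113.7 to 10.0.0.5"),
    ("antivirus", "2024-05-01T10:02:10 host=10.0.0.5 detected=Trojan.Generic peer=203.0.113.7"),
    ("firewall", "2024-05-01T10:03:00 DENY src=198.51.100.9 dst=10.0.0.8 dport=445"),
    ("ids", "2024-05-01T11:30:00 alert sig=port-scan from 198.51.100.9 to 10.0.0.8"),
]

# One pattern per source pulls out the remote address; the timestamp is always field one.
SRC_PATTERNS = {
    "firewall": re.compile(r"src=(\S+)"),
    "ids": re.compile(r"from (\S+)"),
    "antivirus": re.compile(r"peer=(\S+)"),
}

def normalize(device, line):
    """Translate a device-specific line into a common event record."""
    ts, _, rest = line.partition(" ")
    match = SRC_PATTERNS[device].search(rest)
    if match is None:
        return None  # unparseable lines are dropped, not guessed at
    return {"time": datetime.fromisoformat(ts), "device": device, "src": match.group(1)}

def aggregate(events):
    """Aggregation only: how many events each device type reported."""
    counts = defaultdict(int)
    for event in events:
        counts[event["device"]] += 1
    return dict(counts)

def correlate(events, window=timedelta(minutes=5), min_devices=2):
    """Correlation: sources seen by at least min_devices device types within window."""
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)
    incidents = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        for i, first in enumerate(evs):
            devices = {e["device"] for e in evs[i:] if e["time"] - first["time"] <= window}
            if len(devices) >= min_devices:
                incidents[src] = sorted(devices)
                break
    return incidents

EVENTS = [e for e in (normalize(d, l) for d, l in SAMPLE_LOGS) if e]
```
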
All Security Information Management products gather information from sources within the network. Some
will gather information from external sources as well, ranging from public threat identification services to
proprietary correlation networks. A Security Information Management product, to a great extent, adds value
with its capability of finding patterns in network traffic. This activity requires two primary traits: the
capability of gathering data from a variety of places and the intelligence to turn all that data into meaningful
information. Both are critical. Just as the Security Information Management product must draw information
from all of the important components of your network, the correlation data must come from sources you trust.
The benefits of a Security Information Management (SIM) product can be difficult to justify. SIMs don’t
provide a direct security benefit in the way that anti-malware products do. Users don’t touch them, as they
would a new SSL VPN concentrator. And unlike a firewall, it’s not a foregone conclusion that every
organization, large or small, needs one.
With a high incidence of severe threats and attacks on information assets, IT security has become a
priority at organizations’ highest levels. In addition to mitigating threats to mission-critical network
systems, enterprises must also comply with a wide range of federal and industry regulations that require
them to implement — and verify the effectiveness of — security information management controls.
In a network of any size, the Security Information Management product will be dealing with a large quantity
of data. Precisely where and how the data is processed is the key to knowing whether a particular Security
Information Management product can keep up with the data generated by your network.
However, a SIM can bring tremendous value by providing total visibility into your security posture, and
by leveraging security products you already have. Regulatory compliance has been a top driver for SIM
purchases, but there are a number of less obvious advantages that should be considered when selecting a
product. The key to realizing the full value of a SIM is to understand all of its advantages and to leverage
the product in a way that brings maximum benefit.