The Operational Role of Security Incident and Event Management Systems
Major Ali Rashid Mahmud
MSIS-14, Military College of Signals, NUST
Abstract— This document gives a review of an IEEE publication titled as “Operational Role of Security Incident and Event Management Systems”, authored by Sandeep Bhatt, Pratyusa Mandhata and Loi Zomlot of HP research laboratories. The publication gives a concise but in depth view of how security incident and event management systems operate in the overall scenario of a Security Operations Centre which is a cardinal part of a computer security incident response team in an enterprise. In the present technological age, when the success of enterprises is becoming hugely dependent on data and the information systems handling that data, ensuring the security of these critical information systems actually amounts to ensuring the security of the organization itself. In order to defend its systems and develop a reactive capability against any threats and attacks, enterprises employ their own CISRTs (computer security incident response teams). A very important operation of these CSIRTs is to monitor the complete information systems architecture round the clock for threats, breaches of security and possible attacks, and present a holistic picture of the security posture of the organization. This important operation is performed by a security operations centre (SOC) and within a SOC by the SIEM systems.
Keywords—Computer Security Incident Response Team, Security Operations Centre, Security Incident and Event Management Systems, Visualization, Big Data handling, Security analysts, Forensics
In current technological environment, organizations and enterprises have become heavily dependent on the data for carrying out successful and competitive operations. In order to efficiently maintain this data, they have deployed extensive information systems based on IT. To...