Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Overview 2 Terminology 3 See also 4 References

Security information management

●Français ●Oʻzbekcha / ўзбекча ●Русский ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)

This article is missing information about the purpose of the collected data and how it is used. The article could also benefit from additional context on how it relates to Information security. Please expand the article to include this information. Further details may exist on the talk page. (May 2018)

This article needs additional citations for verification. Please help improve this articlebyadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Security information management" – news · newspapers · books · scholar · JSTOR (May 2018) (Learn how and when to remove this message)

(Learn how and when to remove this message)

Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis.^[1]

Overview[edit]

SIM products generally are software agents running on the computer systems that are monitored. The recorded log information is then sent to a centralized server that acts as a "security console". The console typically displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident.^[2]

The security console is monitored by an administrator who reviews the consolidated information and takes action in response to any alerts issued.^[3]^[4]

The data that is sent to the server to be correlated and analyzed are normalized by the software agents into a common form, usually XML. Those data are then aggregated in order to reduce their overall size.^[3]^[4]

Terminology[edit]

The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' or policy violations by using data collection techniques.^[5] The term commonly used to represent an entire security infrastructure that protects an environment is commonly called information security management (InfoSec).

Security information management is also referred to as log management and is different from SEM (security event management), but makes up a portion of a SIEM (security information and event management) solution.^[6]

References[edit]

^ J.L. Bayuk (2007). Stepping Through the InfoSec Program. ISACA. p. 97.

^ Kelley, Diana (March 2004). "Report: Security Management Convergence via SIM (Security Information Management)—A Requirements Perspective". Journal of Network and Systems Management. 12 (1): 137–144. doi:10.1023/B:JONS.0000015702.05980.d2. ISSN 1064-7570. S2CID 1204926.

^ ^a ^b John Wylder (2004). Strategic Information Security. CRC Press. p. 172. ISBN 9780849320415.

^ ^a ^b Cyrus Peikari and Anton Chuvakin (2004). Security Warrior. O'Reilly. pp. 421–422. ISBN 9780596552398. Retrieved 17 January 2014.

^ Kelley, Diana (2004-03-01). "Security Management Convergence via SIM (Security Information Management)—A Requirements Perspective". Journal of Network & Systems Management. 12 (1): 137–144. doi:10.1023/B:JONS.0000015702.05980.d2. ISSN 1064-7570. S2CID 1204926.

^ http://www.siem.su/ SIEM Analytics (in Russian)

This computer security article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Security_information_management&oldid=1157669455" Categories: ●Computer security ●Computer security stubs Hidden categories: ●Articles to be expanded from May 2018 ●Articles needing additional references from May 2018 ●All articles needing additional references ●Articles with multiple maintenance issues ●All stub articles ●This page was last edited on 30 May 2023, at 06:05 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view