MEMORANDUM
To: Security Analyst
From: CISO
Subject: Security Information and Event Management at the company
The Senior IT and Security management team was recently convened to discuss a number of issues. Among those issues was the future utility of a more coherent and complete approach to security log data, the usefulness of that data, and whether or not a Security Event and Incident Management program might be of value at our company.
Your assignment is to gain some further insight into the technology and then make a recommendation regarding how we might deploy and use a SIEM program and its related tools.
Please begin by performing a complete policy review for all enterprise and issue-specific policies that currently exist in our organization which might impact, influence, or affect the use of a SIEM toolset here.
Next, explore the knowledge domain of SIEM by reading supplementary information and using resources you have been provided, including online instruction and demonstrations. You have also been asked to write a short SIEM experience report. You can perform any other research you care to add for your own insight and may care to download, install and use the indicated tool.
You may assume that the recent network security improvements (both to the organizational policy environment and the upgrades to the network security program) have been completed.
It is my opinion that SIEM is a viable option for our organization. Please use your augmented knowledge of SIEM and your understanding of the company’s environment to prepare a proposal for SIEM deployment here. Please see the provided template for the proposal. Be sure to complete all sections of the proposal.
Your report back to me should include:
- A cover memorandum that transmits the report and also includes an executive summary of the entire report.
- The report:
  - A brief statement of the current policy environment as it applies to SIEM at the firm.
  - A set of recommendations for any needed changes to policy (enterprise, issue-specific, or system-specific) within the company to make it possible for SIEM to be used to best effect.
  - Careful consideration of the feature set that should be available in any SIEM system adopted here so that it has the ability to meet the organization’s needs.
  - A proposal for a SIEM solution for the company using the template that has been provided to you.
Thank you in advance for your efforts on this project.