College of Computer Information Technology
Academic Year 2015 – 2016
Semester ☐ Fall
Course Code – Name CIT 410 – Advanced topics in CIT
Instructor Dr. Louay Karadsheh
Exam type: Assignment
Date Saturday, March 12, 2016
Question #1 | CLO 1, 2, 3, 4, 5 | Max Score | Student Score
What is SIEM, and why do companies need to use it?
Security Information and Event Management (SIEM) refers to the collection, aggregation, normalization, time-synchronization and analysis of log and event data from across a network for security purposes. It is a specialized class of tool developed for information security and for managing security events. A SIEM reduces the volume of raw events (by deduplicating and aggregating repeated records) while at the same time generating alerts in real time, and it supports the definition of specific workflows for responding to a suspected violation of security policy in the network (Murphy, 2014). Companies use a SIEM for many purposes, but its main function is to protect information and to support a smooth, event-driven workflow in which log management across the network is maintained effectively and the security team can see and act on what the logs reveal.
Distinguish between log management and SIEM.
Log management is a tool for collecting, storing, indexing and searching log data from across a network. SIEM, by contrast, is a specialized tool developed for managing the events and data needed to keep the network running securely. SIEM provides features such as real-time alerting to its users, which plain log management does not. Log management supports only historical analysis (searching and reporting on stored logs after the fact), whereas SIEM adds correlation of events across sources to that historical analysis. SIEM also prioritizes the important and significant events on the network so that analysts see the most serious ones first (Shipley, 2008).
Determine how SIEM can improve security.
SIEM is a specialized tool for storing and analysing data, and it correlates the historical record with the events currently occurring in the network.
It provides comprehensive incident management, allowing analysts to detect and report threats and security violations together with the events and data related to them. SIEM can contribute on a large scale to improving security, reaching high levels of assurance through the analysis and synchronization of event-driven data that the system retrieves and collects properly (Aguirre, 2012).
Evaluate how SIEM can detect and analyse threats.
SIEM provides an extensive logging function: it does not only collect and maintain logs but also reviews them whenever necessary. It adds structure to the logging system by reviewing events and providing real-time alerts on the data it collects. It also retrieves the important event-driven data that must be correlated with the flow of events across sources, so that a pattern spanning several systems (for example, repeated authentication failures from one address followed by a success) is recognised as a single incident rather than as unrelated log entries. It also supports compliance, in that the functions it provides and the data it collects conform to the organisation's existing security and auditing processes (Miller, Harris, Harper, VanDyke, & Blask, 2010).
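The three answers above (what a SIEM does, how it differs from log management, and how it detects threats) can be made concrete with a small pipeline. The following Python example is added here for illustration; it is not code from the original assignment or from any of the cited sources. The log lines are constructed (hostnames web01 and dc01, addresses from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, a simplified timestamp prefix); the OpenSSH "Failed password"/"Accepted password" message shape and the Windows logon event IDs 4625 (failure) and 4624 (success) are real. The rule threshold, window and severity labels are arbitrary choices made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (hypothetical hosts, users and addresses): two source
# formats that a SIEM has to normalize before it can correlate them.
SYSLOG_LINES = [
    "2016-03-12T09:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "2016-03-12T09:00:03 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "2016-03-12T09:00:05 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51024 ssh2",
    "2016-03-12T09:00:08 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "2016-03-12T09:00:11 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51026 ssh2",
    "2016-03-12T09:00:20 web01 sshd[2201]: Accepted password for root from 203.0.113.7 port 51030 ssh2",
    "2016-03-12T09:30:00 web01 sshd[2301]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
]
WINEVT_LINES = [  # simplified key=value rendering of Windows logon events
    "2016-03-12T09:00:07 dc01 EventID=4625 TargetUserName=root IpAddress=203.0.113.7",
    "2016-03-12T09:00:09 dc01 EventID=4625 TargetUserName=root IpAddress=203.0.113.7",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
WINEVT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")


def _event(ts, host, user, ip, outcome, source):
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "src_ip": ip, "outcome": outcome, "source": source}


def normalize(line):
    """Map a raw line from either source onto one common event schema.
    Returns None for lines the parser does not understand (a real deployment
    would still retain them raw in the log-management tier)."""
    m = SYSLOG_RE.match(line)
    if m:
        outcome = "failure" if m["outcome"] == "Failed" else "success"
        return _event(m["ts"], m["host"], m["user"], m["ip"], outcome, "sshd")
    m = WINEVT_RE.match(line)
    if m:
        outcome = {"4625": "failure", "4624": "success"}.get(m["eid"])
        if outcome:
            return _event(m["ts"], m["host"], m["user"], m["ip"], outcome, "winevt")
    return None


def search(events, **criteria):
    """Log-management style query: filter stored events by exact field values.
    This answers 'what happened?' after the fact but raises no alert by itself."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


class BruteForceRule:
    """Stateful correlation rule: >= threshold authentication failures from one
    source IP within `window`, counted across all hosts and log sources, raises a
    medium-severity alert; a later success from that IP escalates to high."""

    def __init__(self, threshold=5, window=timedelta(minutes=5)):
        self.threshold, self.window = threshold, window
        self.failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
        self.flagged = set()                # src_ips already alerted on (dedup)

    def process(self, ev):
        """Feed one normalized event in time order; return an alert dict or None."""
        q = self.failures[ev["src_ip"]]
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > self.window:  # event reduction: drop stale entries
                q.popleft()
            if len(q) >= self.threshold and ev["src_ip"] not in self.flagged:
                self.flagged.add(ev["src_ip"])
                return {"severity": "medium", "rule": "brute_force", "src_ip": ev["src_ip"],
                        "count": len(q), "ts": ev["ts"]}
        elif ev["outcome"] == "success" and ev["src_ip"] in self.flagged:
            return {"severity": "high", "rule": "brute_force_then_success", "src_ip": ev["src_ip"],
                    "user": ev["user"], "host": ev["host"], "ts": ev["ts"]}
        return None


def run_siem(lines, rule=None):
    """Collect, normalize, time-order and correlate; return (events, prioritized alerts)."""
    rule = rule or BruteForceRule()
    events = sorted(filter(None, (normalize(l) for l in lines)), key=lambda e: e["ts"])
    alerts = [a for a in (rule.process(e) for e in events) if a]
    alerts.sort(key=lambda a: {"high": 0, "medium": 1, "low": 2}[a["severity"]])  # prioritization
    return events, alerts


if __name__ == "__main__":
    events, alerts = run_siem(SYSLOG_LINES + WINEVT_LINES)
    print(len(search(events, src_ip="203.0.113.7", outcome="failure")), "failures found by plain search")
    for a in alerts:
        print(a["severity"].upper(), a["rule"], a["src_ip"], a["ts"].isoformat())
```

The point of the example is the cross-source correlation: the fifth failure from 203.0.113.7 is reached at 09:00:08 only because the dc01 event at 09:00:07 is counted alongside the web01 entries, and the later successful login from the same address turns a medium alert into a high one. A plain search over the stored logs returns the same seven failure records but produces no alert and assigns no priority, which is the distinction drawn in the answer on log management versus SIEM.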
How will SIEM evolve in the future?
There is huge scope and future potential for SIEM, as the need for logging, retrieval and analysis of data through an event-driven system is increasing tremendously. At the same time, many functions still have to be developed to improve usability and to reduce the complexity observed in data storage and retrieval. SIEM has the scope to achieve compliance with different functions and log management appliances as part of a security system with fully automated event handling and log management across the network (Murphy, 2014).
Thus, it can be stated that SIEM is one of the most significant emerging technologies of the decade, and it will take data storage, analysis and retrieval to new heights in the future.
Aguirre, I., et al. (2012). Improving the automation of security information management: A collaborative approach. IEEE Security & Privacy, 55-59.
Miller, D., Harris, S., Harper, A., VanDyke, S., & Blask, C. (2010). Security Information and Event Management (SIEM) Implementation. McGraw Hill Professional.
Murphy, R. (2014, April 3). SIEM, Log Management and Compliance: Differences Explained. BlackStratus. Retrieved from http://www.blackstratus.com/blog/siem-log-management-compliance/
Shipley, G. (2008, June 30). Are SIEM and log management the same thing? Network World. Retrieved from http://www.networkworld.com/article/2280829/lan-wan/are-siem-and-log-management-the-same-thing-.html