Security Information Management (SIM) - Revision history

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T18:13:47Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User at 14:56, 1 February 2021

2021-02-01T14:56:08Z

User: Created page with "'''Security event management (SEM)''' is the process of identifying, gathering, monitoring and reporting security-related events in a software, system..."

2021-02-01T14:50:06Z

Created page with "'''Security event management (SEM)''' is the process of identifying, gathering, monitoring and reporting security-related events in a software, system..."

New page

'''Security event management (SEM)''' is the [[Process|process]] of identifying, gathering, monitoring and reporting security-related events in a [[Software|software]], system or [[Information Technology (IT)|IT]] environment. SEM enables the recording and evaluation of events, and helps security or system administrators to analyze, adjust and manage the [[Information Security|information security]] architecture, policies and procedures.<ref>Definition - What is Security Information Management (SIM)? [https://www.techopedia.com/definition/25763/security-event-management Techopedia]</ref>

@@ Line 1: / Line 1: @@
-'''Security Information Management (SIM)''' is a series of processes through which data from computer event and activity logs is compiled, monitored, and analyzed. SIM refers specifically to the part of this process having to do with historical log analysis and reporting, while Security Event Management (SEM) refers to the real-time activities involved in gathering and analyzing logs. Together, these processes form a complete Security Information and Event Management (SIEM) solution.<ref>Definition - What is Security Information Management (SIM)? [https://www.solarwinds.com/security-event-manager/use-cases/sim-security-information-management Solarwinds]</ref> Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis.
+'''Security Information [[Management]] (SIM)''' is a series of processes through which [[data]] from [[computer]] event and activity logs is compiled, monitored, and analyzed. SIM refers specifically to the part of this [[process]] having to do with historical log analysis and reporting, while [[Security Event Management (SEM)]] refers to the real-time activities involved in gathering and analyzing logs. Together, these processes form a complete Security Information and Event Management (SIEM) solution.<ref>Definition - What is Security [[Information Management]] (SIM)? [https://www.solarwinds.com/security-event-manager/use-cases/sim-security-information-management Solarwinds]</ref> Security information management (SIM) is an information security [[industry]] term for the collection of data such as log files into a central repository for trend analysis.
 Security information management systems may:
@@ Line 10: / Line 10: @@
 *Provide automated incidence response.
 *Send alerts and generate reports.
-Commercial SIM products include ArcSight ESM, nFX's SIM One, Network Intelligence's enVision, Prism Microsystems' EventTracker, Trigeo, Symantec's Security Information Manager, Cisco Security MARS and Snare. Open source SIM products include OSSIM, a product of the Open Source Security Information Management initiative, and Prelude, from PreludeIDS.
+Commercial SIM products include ArcSight ESM, nFX's SIM One, [[Network]] Intelligence's enVision, Prism Microsystems' EventTracker, Trigeo, Symantec's Security Information [[Manager]], Cisco Security MARS and Snare. Open source SIM products include OSSIM, a [[product]] of the [[Open Source]] Security Information Management initiative, and Prelude, from PreludeIDS.
-Although SIM products can automate many tasks around security information gathering and processing, they can't operate effectively without significant effort and investment on the part of the organization in question. According to Neil Roiter, Senior Technology Editor of Information Security magazine, "Security information and event management (SIEM) products are only as good as the policies and processes they support, and the analyst resources that a company can pour into them."<ref>What is the Function of Security Information Management? [https://searchsecurity.techtarget.com/definition/security-information-management-SIM techtarget]</ref>
+Although SIM products can automate many tasks around security information gathering and processing, they can't operate effectively without significant effort and investment on the part of the [[organization]] in question. According to Neil Roiter, Senior Technology Editor of [[Information Security]] magazine, "Security information and event management (SIEM) products are only as good as the policies and processes they support, and the analyst resources that a company can pour into them."<ref>What is the Function of Security Information Management? [https://searchsecurity.techtarget.com/definition/security-information-management-SIM techtarget]</ref>

← Older revision		Revision as of 14:56, 1 February 2021
Line 1:		Line 1:
−	'''Security ~~event management~~ (~~SEM~~)''' is the ~~[[Process\|~~process~~]] of identifying~~, gathering, ~~monitoring~~ and ~~reporting~~ security-~~related~~ events in a ~~[[Software\|software]]~~, ~~system or [[~~Information ~~Technology (IT)\|IT]] environment~~. ~~SEM enables~~ the ~~recording~~ and ~~evaluation of events~~, and ~~helps security or system administrators to analyze~~, ~~adjust~~ and ~~manage~~ the [[Information Security\|information ~~security]] architecture~~, ~~policies~~ and ~~procedures~~.<ref>~~Definition -~~ What is Security Information Management ~~(SIM)~~? [https://~~www~~.~~techopedia~~.com/definition~~/25763~~/security-~~event~~-management ~~Techopedia~~]</ref>	+	'''Security Information Management (SIM)''' is a series of processes through which data from computer event and activity logs is compiled, monitored, and analyzed. SIM refers specifically to the part of this process having to do with historical log analysis and reporting, while Security Event Management (SEM) refers to the real-time activities involved in gathering and analyzing logs. Together, these processes form a complete Security Information and Event Management (SIEM) solution.<ref>Definition - What is Security Information Management (SIM)? [https://www.solarwinds.com/security-event-manager/use-cases/sim-security-information-management Solarwinds]</ref> Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis.
		+
		+	Security information management systems may:
		+	*Monitor events in real time.
		+	*Display a real-time view of activity.
		+	*Translate event data from various sources into a common format, typically XML.
		+	*Aggregate data.
		+	*Correlate data from multiple sources.
		+	*Cross-correlate to help administrators discern between real threats and false positives.
		+	*Provide automated incidence response.
		+	*Send alerts and generate reports.
		+	Commercial SIM products include ArcSight ESM, nFX's SIM One, Network Intelligence's enVision, Prism Microsystems' EventTracker, Trigeo, Symantec's Security Information Manager, Cisco Security MARS and Snare. Open source SIM products include OSSIM, a product of the Open Source Security Information Management initiative, and Prelude, from PreludeIDS.
		+
		+	Although SIM products can automate many tasks around security information gathering and processing, they can't operate effectively without significant effort and investment on the part of the organization in question. According to Neil Roiter, Senior Technology Editor of Information Security magazine, "Security information and event management (SIEM) products are only as good as the policies and processes they support, and the analyst resources that a company can pour into them."<ref>What is the Function of Security Information Management? [https://searchsecurity.techtarget.com/definition/security-information-management-SIM techtarget]</ref>