I believe this is a complex, multi-faceted problem, as it involves:
- Organisational policies
- Potential threats and related risks
- Processes and controls put in place to mitigate these risks
- Areas that remain vulnerable regardless and need further monitoring and introspection
- Technologies and solutions to log, monitor/audit and correlate various information collected within (and potentially across) the IT stack of the organisation
- Relevant metrics to convey issues and problems to a variety of stakeholders, including IT managers, security and risk managers, business managers, etc.
I am looking for case studies, documents and public material providing instances of how the overall process is actually carried out within organisations.
In particular, I am interested in better understanding the decision making process (carried out by strategic decision makers such as CIOs, CISOs) that is at the base of adopting monitoring controls, in particular “Security Incident Event Management (SIEM)” solutions.
Here are a few specific questions I am interested in exploring:
- Which areas are usually perceived as being at risk and requiring further monitoring?
- How are trade-offs between investments and costs actually dealt with by the various stakeholders?
- What evidence is usually provided to the stakeholders to reassure them that specific risks are mitigated by monitoring specific areas (e.g. with SIEM tools)?
Ideally, I’d like to investigate the economic framework, trade-offs and the decision making process that is at the base of making investments in SIEM solutions, and how Security Analytics (decision support by means of modelling and simulation) can help in this space …
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---