ComputerScienceExpert

Category > Programming Posted 24 May 2017 My Price 9.00

Three advantages of using a SIEM

Please respond to / critique the following:

======================

Three advantages of using a SIEM are:

  1. SIEM solutions enable quick forensics as they can store and retrieve all log data from any device for any period.
  2. SIEM solutions enable administrators to study the root causes of errors and security breaches by looking into the log information and reports. Users can identify what exactly caused the errors (like configuration changes, etc.) and which systems are vulnerable.
  3. SIEM solutions help identify network threats in real time by capture and analysis of logs from thousands of devices in multiple branches.

 

Three disadvantages of using a SIEM are:

  1. Many seem to believe that the system will alert on everything and if it doesn’t, that means that everything is ok.
  2. It requires a human brain behind it, especially if it monitors a critical path of information.
  3. There is often a considerable delay between the time an event begins and the time the SIEM sees the corresponding log data.

 

I do feel that SIEM solutions are sufficient. SIEMs are seen as a necessary part of any significant enterprise security effort. With rising trends and forms of attacks today, it’s smart to deploy a Security Incident and Event Management (SIEM) solution as a proactive measure for threat management, if the following is true:

  1. There is a plan in place on how the SIEM solution will be supported, because a SIEM only works if someone works it.
  2. You must get something out of it for your business. You have to know your requirements before you buy. You need to answer questions like: What data sources do you need to log? Do you need real-time collection? Do you need to collect all security data or just a subset? What do you need to archive? For how long? How will you use data once collected? For Forensics? Detecting threats? Auditing and Compliance?

Which part of information assurance is the most critical: privacy, regulatory and standards compliance, auditing, business continuity, or disaster recovery? Explain why.

The most critical part of information assurance in my opinion is auditing. It has become a critical mechanism for ensuring the integrity of information systems. Auditing can help to prevent future fiascos such as Enron and WorldCom. Global economies are more interdependent than ever and geopolitical risks impact everyone. IT auditing is an integral part of the audit function. The auditing of complex technologies and communications protocols involves the Internet, intranet, extranet, electronic data interchange, client servers, local and wide area networks, data communications, telecommunications, wireless technology, and integrated voice/data/video systems. IT audit controls are very important. Today, people are shopping around at home through networks. People use "numbers" or accounts to buy what they want via shopping computers. These "numbers" are "digital money," the modern currency in the world. Digital money will bring us benefits as well as problems. "Security" is perhaps the biggest factor for individuals interested in making online purchases by using digital money, and without the auditing process it can be open season for hackers and attackers to go unnoticed.
