By Gerard Blokdyk

Security Information and Event Management

1 big thing: Define and develop risk-based cybersecurity and information security standards for the enterprise.

The big picture: Identify and implement policies and threat models utilizing data from various sources such as Security Information and Event Management (SIEM), Applications, Network, Cloud Platforms, Infrastructure, and Identity Management Platforms.

Why it matters: Make headway so that your staff supports and oversees all the engineering activities to include change management, platform performance and stability, and initial data ingest and normalization.

Between the lines: Check that your team is conducting assessments of security control implementation, STIG compliance, and vulnerabilities, working with the ISSO and ISSE in determining risks associated with deviations/exceptions identified in those assessments, and developing associated documentation.

Be smart: Liaise so that your team provides technical expertise and support to (internal) clients, IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.

What they’re saying: “Understand and expand the current manufacturing data eco-system, by mapping existing data and data gaps, in order to enable identification of sources of value with analytics revenue growth or performance improvements.” Senior Vice President – IT Operations

Yes, but: Be certain that your staff is involved in a range of security technologies, processes, and tooling around vulnerability management, patch management, firewalling, and networking, including IAM, SIEM/SOC, IDS/IPS, and DLP.

On the flip side: Develop, manage and monitor the implementation of ICT security policies and procedures in relation to information access, data backup and retention, data protection, data transfer and other relevant ICT physical and environmental security while ensuring regulatory compliance.

State of play: Work with other departments in a cross-functional team to scope, develop and test program changes for new product development and existing product enhancements.

Meanwhile: Define 3rd party data security requirements and perform cyber risk assessments of Hot Topic's current and prospective 3rd party vendors, ensuring all appropriate controls are applied.

The backdrop: Oversee that your process is partnering with business and technology stakeholders to develop and enhance security controls, support security audits, and provide information security awareness.

The bottom line: Make sure your operation is collecting, analyzing, explaining, and presenting information to communicate the organization's mission specific to cybersecurity and infrastructure security and resilience programs, priorities, activities, accomplishments, and issues or events for external audiences.

What’s next: Operationalize relevant enterprise activities, such as supporting Business Development efforts, engaging in community of practice events to build rapport with security personnel across Company, and supporting security maturity assessments of customer-facing programs.

ICYMI: Work with responsible design engineers to define, validate, and coordinate the release of system and subsystem bill of materials and associated CAD specifications and documents.



Trusted by: Siemens, Siemens Healthineers, Siemens Energy, Siemens Gamesa Renewable Energy, Washington Metropolitan Area Transit Authority, BAE Systems, QVine Corporation, Yakshna Solutions, Sev1Tech, USP (U.S. Pharmacopeial Convention), Strategic Resources, Inc (HQ), NeoSystems, GRSi, RightDirection Technology Solutions, Ad Hoc Company Website, Tidal Basin, Johns Hopkins Applied Physics Laboratory (APL), FHLBank San Francisco, Holman Automotive Group, Colgate-Palmolive, Zimmer Biomet, United Center, Red Hat Software, The State of New Hampshire, Arkose Labs, Hot Topic Inc., Planned Parenthood, Anthem, Deloitte, University of Vermont, Abbvie, UNITED PARCEL SERVICE, Homebridge Financial Services Inc, Leidos, AlixPartners, United Nations Development Programme (UNDP), Microsoft, NW Natural, VOLT Systems, Tivity Health, Inc., Pinnacle Group, Ancestry, Amazon Dev Center U.S., Inc., Rivian Automotive, Faith Technologies Inc., Halock Security Labs, Nebraska Methodist Health System, IBM, Certilytics, Environmental Defense Fund, General Dynamics Information Technology, MetLife, City of Bellingham, P-11 SECURITY, Dollar Tree, Avant, State of Washington Auditor’s Office, Santander US, Research Innovations Inc, Carpe Data, Global Payments, MindPoint Group, LLC, Zebra Technologies, Hayden AI Technologies, Scientific Games, Bessemer Trust Company, AIG, First American, Intel, Booz Allen Hamilton, Capital One – US, Cincinnati/Northern Kentucky International Airport, Resilience, KPMG, Henry Ford Health System, MidAmerican Energy, RenPSG, Peer Solutions Group, Splunk, Belden Inc., Radford University, ActioNet, Eastern Research Group, Inc., Omega, General Dynamics Electric Boat, Sigma Defense Systems, Amazon Data Services, Inc., Zenetex LLC, Lakeland Bank, Atlantic Health System, LPL Financial, Wabash Valley Power Alliance, Redstone Federal Credit Union, Bering Straits Native Corporation