By Gerard Blokdyk
Security Information and Event Management 1 big thing: Make sure your company identifies gaps and recommends changes to the Incident Response Plan.
The big picture: Oversee that your design team is developing and updating system security plans; managing and controlling changes to specific systems and assessing the security impact of those changes; handling incidents; and developing information system security documentation, policies, and procedures.
Why it matters: Certify that your organization has involvement with Networking and Network Security products, including Managed Detection and Response, Next Gen Firewalls, IDS/IPS, SIEM Solutions, SOAR, Cloud Security, Endpoint Security, and Vulnerability and Penetration Testing Services.
What we’re hearing: “Communicate the performance and health of the security program at regular intervals by participating in the development of standard update reports, scorecards, and trend summaries.”, Staff AI Scientist – Neuroscience
Be smart: Analyze and investigate adverse events and incidents using an enterprise security information and event management (SIEM) system and logs from firewalls, IDS/IPS, proxies, servers, endpoints, and other network devices to determine threats, attack vector, scope of activity, and appropriate response.
What to watch: Determine requirements and lead the selection, implementation, and management of ERM GRC/BC software application(s) (to include risk assessments, a risk event repository, Compliance, Information Security, and BC components).
How it works: Ensure your company is managing and supporting user-facing security technologies (MDM, Endpoint Security Technologies, Email Security Gateways, SIEM, DLP, CASB, and Authentication).
The backdrop: Review project information with the subcontractor, communicate the project schedule and project-specific installation requirements, answer questions to assure proper installation, and enforce installation procedures per BBS standards.
Between the lines: Ensure your incident handlers are responsible for triaging security alerts detected by Enterprise Detection and SIEM; analyzing all available data to determine whether a cyber-attack is occurring; scoping the extent of a suspected attack; coordinating efforts to contain attacks; performing forensic investigations to determine the details of an attack; and providing guidance on remediation actions.
On the flip side: Be confident that your organization performs activities related to Splunk Cloud and Splunk Enterprise Security, SIEM, and additional logging-related security platforms and functions as.
Meanwhile: Check that your group collaborates across internal teams and works with (internal) customers to assess and evaluate compliant cloud migration configurations, best practices, and recommended technical approaches, and to diagnose, troubleshoot, and configure migrated VMs.
The bottom line: Verify that your organization is managing and delivering security-related tooling and infrastructure projects, including identity and access management, endpoint security, network monitoring, security information and event management (SIEM) platforms, and zero trust.
What’s next: Manage a team of analysts that perform evaluations of cybersecurity capabilities and determine maturity scores and effectiveness of capability implementation using the NIST Cybersecurity Framework (CSF) across the enterprise.
ICYMI: Ensure you have exposure to managing technologies and supplier relationships across security technology solutions such as EDR, DLP, IPS, IDS, SIEM, Cloud Security, etc.