Page 15 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 1: Information Systems




          3.   Maintaining the integrity and availability of information services, networks and supporting
               infrastructure.
          4.   Preventing damage to assets by controlling and physically protecting computer media.

          1.6 Importance of Security Information Management


          With a high incidence of severe threats and attacks on information assets, IT security has become
          a priority at organizations’ highest levels. In addition to mitigating threats to mission-critical
          network systems, enterprises must also comply with a wide range of federal and industry
          regulations that require them to implement — and verify the effectiveness of — security
          information management controls.
          In a network of any size, a Security Information Management product will be dealing with a large
          quantity of data. Precisely where and how the data is processed is the key to knowing whether
          a particular Security Information Management product can keep up with the data generated by your
          network.

          Almost all Security Information Management products have two primary components for the creation
          and presentation of information: the Security Information Management appliance itself and a
          dashboard application running on a remote workstation. If all the information is processed in
          either the appliance or the dashboard workstation, performance can become an issue when
          either network traffic or incidents become high in density.

          Caution: Delayed security information can result in falling victim to an attack that you
          might have survived.

          1.7 How Security Information Management Works

          All Security Information Management products gather information from the sources within the network.
          Some will gather information from external sources as well, ranging from public threat
          identification services to proprietary correlation networks. A Security Information Management
          product, to a great extent, adds value with its capability of finding patterns in network traffic.
          This activity requires two primary traits: the capability of gathering data from various places
          and the intelligence to turn all that data into meaningful information. Both are critical. Just as
          the Security Information Management product must draw information from all of the important
          components of your network, the correlation data must come from sources you trust.
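
The gather-then-correlate flow described in 1.7, as an added example that is not part of the original text: events from two internal sources are normalized into one schema, a pattern spanning both sources is detected, and the result is enriched from an external feed the operator trusts. The log formats, addresses, window, threshold and feed contents are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two internal sources (not real logs).
FIREWALL = [
    "2024-05-01T10:00:05 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:09 DENY src=198.51.100.9 dst=10.0.0.8 dport=445",
]
AUTH = [
    "2024-05-01T10:01:10 sshd FAILED user=root src=203.0.113.7",
    "2024-05-01T10:01:12 sshd FAILED user=admin src=203.0.113.7",
    "2024-05-01T10:01:15 sshd FAILED user=test src=203.0.113.7",
    "2024-05-01T10:02:00 sshd FAILED user=bob src=192.0.2.44",
]
# Constructed stand-in for an external feed the operator has chosen to trust.
TRUSTED_FEED = {"203.0.113.7"}
LINE = re.compile(r"^(\S+) .*?(DENY|FAILED).*?src=(\S+)")

def normalize(source, lines):
    """Turn source-specific lines into (time, source, action, ip) events."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:  # unparseable lines are skipped, not guessed at
            events.append((datetime.fromisoformat(m.group(1)), source, m.group(2), m.group(3)))
    return events

def correlate(events, window=timedelta(minutes=5), min_failures=3):
    """Flag IPs denied at the firewall that then fail logins within the window."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        for deny in (t for t, _, a, _ in evs if a == "DENY"):
            fails = [t for t, _, a, _ in evs if a == "FAILED" and deny <= t <= deny + window]
            if len(fails) >= min_failures:
                alerts.append({"ip": ip, "failures": len(fails), "on_feed": ip in TRUSTED_FEED})
                break  # one alert per IP is enough
    return alerts

def run():
    """Correlate both sources together, as a single-source view cannot."""
    return correlate(normalize("firewall", FIREWALL) + normalize("auth", AUTH))

if __name__ == "__main__":
    print(run())
```

Neither source alone raises the alert: the pattern exists only once both feeds are in one event stream.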

          1.8 Advantages of Information Management Security


          The benefits of a Security Information Management (SIM) product can be difficult to justify. SIMs
          don’t provide a direct security benefit in the way that anti-malware products do. Users don’t
          touch them, like a new SSL VPN concentrator. And unlike a firewall, it’s not a foregone conclusion
          that everyone large or small needs one.
          However, a SIM can bring tremendous value by providing total visibility into your security
          posture, and by leveraging security products you already have. Regulatory compliance has
          been a top driver for SIM purchases, but there are a number of less obvious advantages that
          should be considered when selecting a product. The key to realizing the full value of a SIM is to
          understand all of its advantages and leverage the product in a way that brings maximum
          benefit.




                                           LOVELY PROFESSIONAL UNIVERSITY                                    9