CSIA 310: Cybersecurity Processes & Technologies
Case Study #4: Technology & Product Review for an SIEM Solution
Case Scenario: Security Operations Control Centers (SOCC) are a necessity for large businesses and government
agencies. But, for a small to medium sized business such as Sifers-Grayson, the expense of setting up and
operating a SOCC may outweigh the benefits. Instead of a full SOCC, smaller companies may decide to invest in an enterprise monitoring technology such as a Security Information and Event Management (SIEM) tool. Such tools can be used by to monitor the enterprise, collect information, and report upon security events (generate alerts and alarms). Your task for this case study is to identify, assess, and recommend an SIEM tool which is appropriate for Sifers-Grayson and which could be used to support the
activities of a SOCC should Sifers-Grayson decide to establish this organization as a separate operating unit.
Research:
1.Review the weekly readings.
2.Choose one of the SIEM products from the Gartner Magic Quadrant analyses. 3.Research your chosen product using the vendor’s website and product information brochures. (Vendors for highly rated products will provide a copy of Gartner’s most recent Magic Quadrant report on their websites but, registration is required.)
4.Find three or more additional sources which provide reviews for (a) your chosen product or (b) general information about SIEM technologies and solutions.
Write:
Write a 3 page summary of your research. At a minimum, your summary must include the following:
1.An introduction or overview for the security technology category (SIEM).
2.A review of the features, capabilities, and deficiencies for your selected vendor and product 3.Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing
vulnerabilities, etc.
4.A closing section in which you restate your recommendation for a product (include the three
most important benefits).
As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, “governance,” confidentiality, integrity,
availability, nonrepudiation, assurance, etc.). See the ISACA glossary https://www.isaca.org/pages/glossary.aspx if you need a refresher on acceptable terms and definitions. Copyright ©2016 by University of Maryland University College. All Rights ReservedThis study source was downloaded by 100000883835319 from CourseHero.com on 04-17-2024 04:00:53 GMT -05:00
https://www.coursehero.com/file/25228097/CSIA-310-Case-Study-4-SIEM-v5docx/
Case Study #4: Technology & Product Review for an SIEM Solution
Case Scenario: Security Operations Control Centers (SOCC) are a necessity for large businesses and government
agencies. But, for a small to medium sized business such as Sifers-Grayson, the expense of setting up and
operating a SOCC may outweigh the benefits. Instead of a full SOCC, smaller companies may decide to invest in an enterprise monitoring technology such as a Security Information and Event Management (SIEM) tool. Such tools can be used by to monitor the enterprise, collect information, and report upon security events (generate alerts and alarms). Your task for this case study is to identify, assess, and recommend an SIEM tool which is appropriate for Sifers-Grayson and which could be used to support the
activities of a SOCC should Sifers-Grayson decide to establish this organization as a separate operating unit.
Research:
1.Review the weekly readings.
2.Choose one of the SIEM products from the Gartner Magic Quadrant analyses. 3.Research your chosen product using the vendor’s website and product information brochures. (Vendors for highly rated products will provide a copy of Gartner’s most recent Magic Quadrant report on their websites but, registration is required.)
4.Find three or more additional sources which provide reviews for (a) your chosen product or (b) general information about SIEM technologies and solutions.
Write:
Write a 3 page summary of your research. At a minimum, your summary must include the following:
1.An introduction or overview for the security technology category (SIEM).
2.A review of the features, capabilities, and deficiencies for your selected vendor and product 3.Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing
vulnerabilities, etc.
4.A closing section in which you restate your recommendation for a product (include the three
most important benefits).
As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, “governance,” confidentiality, integrity,
availability, nonrepudiation, assurance, etc.). See the ISACA glossary https://www.isaca.org/pages/glossary.aspx if you need a refresher on acceptable terms and definitions. Copyright ©2016 by University of Maryland University College. All Rights ReservedThis study source was downloaded by 100000883835319 from CourseHero.com on 04-17-2024 04:00:53 GMT -05:00
https://www.coursehero.com/file/25228097/CSIA-310-Case-Study-4-SIEM-v5docx/
