HOME

TheInfoList



Click Here for Items Related To - Security Information Management
OR:
Security Information Management on:   [Wikipedia]   [Google]   [Amazon]

Security information management (SIM) is an
information security Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
industry term for the collection of data such as
log files In computing, logging is the act of keeping a log of events that occur in a computer system, such as problems, errors or just information on current operations. These events may occur in the operating system or in other software. A message or l ...
into a central repository for trend analysis.


Overview

SIM products generally are software agents running on the computer systems that are monitored. The recorded log information is then sent to a centralized server that acts as a "security console". The console typically displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident. The security console is monitored by an administrator who reviews the consolidated information and takes action in response to any alerts issued. The data that is sent to the server to be correlated and analyzed are normalized by the software agents into a common form, usually
XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. T ...
. Those data are then aggregated in order to reduce their overall size.


Terminology

The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' or policy violations by using data collection techniques. The term commonly used to represent an entire security infrastructure that protects an environment is commonly called
information security management Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The cor ...
(InfoSec). Security information management is also referred to as log management and is different from SEM ( security event management), but makes up a portion of a
SIEM Siem is a surname. Notable people with the surname include: * Charlie Siem (born 1986), British violinist * Kjetil Siem (born 1960), Norwegian businessperson, journalist, author and sports official * Kristian Siem (born 1949), Norwegian businessman ...
(security information and event management) solution.http://www.siem.su/ SIEM Analytics (in Russian)


See also

*
Information security Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
*
Information security management Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The cor ...
*
Information security management system Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core ...
*
Security Information and Event Management Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time ana ...
* Security event manager


References

Computer security {{computer-security-stub