Cybersecurity Processes And Technologies
Case Study #4: Technology & Product Review for an SIEM Solution
Case Scenario:
Security Operations Control Centers (SOCC) are a necessity for large businesses and government agencies. But for a small to medium-sized business such as Sifers-Grayson, the expense of setting up and operating a SOCC may outweigh the benefits. Instead of a full SOCC, smaller companies may decide to invest in an enterprise monitoring technology such as a Security Information and Event Management (SIEM) tool. Such tools can be used to monitor the enterprise, collect information, and report on security events (generate alerts and alarms). Your task for this case study is to identify, assess, and recommend an SIEM tool which is appropriate for Sifers-Grayson and which could be used to support the activities of a SOCC should Sifers-Grayson decide to establish this organization as a separate operating unit.
The major assignment due this week is: Case Study #4: SIEM Technology & Product Review. For this assignment, you will research SIEM technologies and then write a product review for a currently available product. These products collect, analyze, and report on event data generated by network sensors, intrusion detection systems, firewalls, etc. Product capabilities include real-time monitoring & threat analytics. (The SIEM readings from this week should be completed before beginning your research and writing for your selected SIEM product.)
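To make the "collect, analyze, and report" pipeline concrete before you evaluate vendor products, here is a small added example (written for this page, not taken from any SIEM vendor or from the assigned readings) that does in a few dozen lines what a SIEM does at scale: it normalizes log lines from two different sensors (an SSH authentication log and a firewall log, both constructed here as sample input) into one event schema, runs two correlation rules over the event stream, and emits alerts. The log formats, rule names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real logs): an sshd auth log and a firewall log,
# the kind of heterogeneous sources a SIEM collects and normalizes.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z sshd[2101]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "2024-03-01T10:00:04Z sshd[2101]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
    "2024-03-01T10:00:07Z sshd[2101]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "2024-03-01T10:00:09Z sshd[2101]: Accepted password for admin from 203.0.113.7 port 51003 ssh2",
    "2024-03-01T10:00:12Z sshd[2101]: Failed password for bob from 198.51.100.5 port 40000 ssh2",
    "2024-03-01T10:01:00Z fw: action=DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-03-01T10:01:01Z fw: action=DENY src=203.0.113.7 dst=10.0.0.6 dport=445",
    "2024-03-01T10:01:02Z fw: action=DENY src=203.0.113.7 dst=10.0.0.7 dport=445",
    "2024-03-01T10:01:03Z fw: action=DENY src=203.0.113.7 dst=10.0.0.8 dport=445",
    "2024-03-01T10:01:04Z fw: action=DENY src=203.0.113.7 dst=10.0.0.9 dport=445",
    "2024-03-01T10:05:00Z fw: action=ALLOW src=192.0.2.10 dst=10.0.0.5 dport=443",
]

# Assumed log formats for the two sensors (hypothetical, chosen for this example).
SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw: action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line):
    """Collection step: map a raw line to a common event schema, or None if unrecognized."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "source": "auth", "src": m["src"], "user": m["user"],
                "outcome": "success" if m["result"] == "Accepted" else "failure"}
    m = FW_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "source": "firewall", "src": m["src"], "dst": m["dst"],
                "dport": int(m["dport"]), "outcome": "deny" if m["action"] == "DENY" else "allow"}
    return None


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Analysis step: alert when >= threshold failed logins from one source precede a success within window."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "auth":
            continue
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        failures[ev["src"]] = recent
        if ev["outcome"] == "failure":
            failures[ev["src"]].append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "src": ev["src"],
                           "user": ev["user"], "failures": len(recent), "ts": ev["ts"]})
    return alerts


def rule_scan_denied_hosts(events, threshold=5, window=timedelta(minutes=1)):
    """Analysis step: alert once when one source is denied to >= threshold distinct hosts within window."""
    alerts = []
    denies = defaultdict(list)  # src -> [(ts, dst)] within the sliding window
    fired = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "firewall" or ev["outcome"] != "deny":
            continue
        denies[ev["src"]] = [(t, d) for t, d in denies[ev["src"]] if ev["ts"] - t <= window]
        denies[ev["src"]].append((ev["ts"], ev["dst"]))
        distinct = {d for _, d in denies[ev["src"]]}
        if len(distinct) >= threshold and ev["src"] not in fired:
            fired.add(ev["src"])
            alerts.append({"rule": "scan_denied_hosts", "src": ev["src"],
                           "targets": len(distinct), "ts": ev["ts"]})
    return alerts


def run_siem(lines):
    """Collect, analyze, report: returns (normalized events, alerts)."""
    events = [e for e in (normalize(line) for line in lines) if e]
    alerts = rule_bruteforce_then_success(events) + rule_scan_denied_hosts(events)
    return events, alerts


if __name__ == "__main__":
    _, found = run_siem(SAMPLE_LOGS)
    for a in found:  # reporting step: in a real SIEM this feeds a dashboard or ticket
        print(a["ts"].isoformat(), a["rule"], a["src"])
```

The point for the product review: every commercial SIEM supplies exactly these three layers (collectors/parsers, a correlation or analytics engine, and alerting/reporting), so a useful comparison asks how many log formats a product parses out of the box, how rules are written and tuned, and how alerts reach an analyst.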
Research:
1. Review the weekly readings.
2. Choose one of the SIEM products from the Gartner Magic Quadrant analyses.
3. Research your chosen product using the vendor’s website and product information brochures. (Vendors for highly rated products will provide a copy of Gartner’s most recent Magic Quadrant report on their websites, but registration is required.)
4. Find three or more additional sources which provide reviews for (a) your chosen product or (b) general information about SIEM technologies and solutions.
Write:
Write a summary of your research that is at least 3 pages long. At a minimum, your summary must include the following:
1. An introduction or overview for the security technology category (SIEM).
2. A review of the features, capabilities, and deficiencies for your selected vendor and product.
3. Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.
4. A closing section in which you restate your recommendation for a product (include the three most important benefits).
As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, “governance,” confidentiality, integrity, availability, nonrepudiation, assurance, etc.) and the standard frameworks (e.g. the 5 Pillars of IA, the 5 Pillars of Information Security). See the ISACA glossary https://www.isaca.org/pages/glossary.aspx if you need a refresher on acceptable terms and definitions.
Submit For Grading
1. There is no penalty for writing more than 3 pages, but clarity and conciseness are valued. If your case study paper is shorter than 3 pages, you may not have sufficient content to meet the assignment requirements (see the rubric).
2. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).
3. Consult the grading rubric for specific content and formatting requirements for this assignment.
4. For the submission of this assignment (All Projects), you are required to submit your work through Turnitin.
Weekly Readings:
· Review Part IV: Network Security (Ch 9-12) in The InfoSec Handbook (see attachment)
· What is SIEM Software? How it works and how to choose the right tool: https://www.csoonline.com/article/2124604/what-is-siem-software-how-it-works-and-how-to-choose-the-right-tool.html
· 8 Best SIEM Tools: A Guide to Security Information and Event Management: https://www.comparitech.com/net-admin/siem-tools/
· May 2018 Product Reviews: SIEM and UTM-NGFW: https://www.scmagazine.com/home/reviews/may-2018-product-reviews-siem-and-utm-ngfw/
Rubric Name: Case Study: Technology & Product Review Rubric
| Criteria | Excellent |
| --- | --- |
| Provided an introduction or overview for the security technology category | Provided an excellent overview of the security technology category assigned for this case study. The overview appropriately used information from 3 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. |
| Identified and reviewed a vendor product | Provided an excellent review of the features, capabilities, and deficiencies for a selected vendor product in the assigned security technology category. The review appropriately used information from 5 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites. |
| Reported on how the product could be used to support cybersecurity objectives (i.e. confidentiality, integrity, availability, authorization, authentication, etc.) | Provided an excellent discussion of how the selected product could be used to support cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc. Discussion provided five or more specific examples of how use of this product would positively impact cybersecurity for information, information systems, and/or networks. The discussion was supported by information drawn from authoritative sources. |
| Professionalism: Use of Cybersecurity Terminology | Demonstrated excellence in the use of standard cybersecurity terminology to support discussion of the technology. Appropriately used 5 or more standard terms. |
| Professionalism: Use of Authoritative Sources / Resources | Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.). Five or more authoritative sources were used and cited. |
| Professionalism: Organization & Appearance | Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type. |
| Professionalism: Execution | No formatting, grammar, spelling, or punctuation errors. |