How to evaluate SIEM critical capabilities

SIEM technologies vary widely in capabilities that are needed for threat detection and compliance reporting.

To avoid deployment failures and to evaluate how security information and event management (SIEM) capabilities match your requirements, Gartner analysts Mark Nicolett and Kelly M Kavanagh have made several recommendations.

According to them, those developing SIEM requirements should:

  • Include stakeholders from IT security, IT operations, internal audit and compliance.
  • Develop a two- to three-year road map for the SIEM deployment to ensure that all functional and scalability requirements are considered with the initial buying decision. This will allow you to evolve the deployment as change occurs with threats, information technology and business requirements.
  • Select a technology whose deployment and support requirements are a good match to the IT organization's project and support capabilities. Organizations may also need to consider services to cover project and operational capability gaps.

What the CISOs need to know

Organizations evaluating security information and event management (SIEM) tools should begin with a requirements definition effort that includes IT security, IT operations, internal audit and compliance. Organizations must determine deployment scale, real-time monitoring, post-capture analytics and compliance reporting requirements. In addition, organizations should identify products whose deployment and support requirements are good matches to internal project and support capabilities. Gartner recommends developing a set of requirements that resolve the initial problem; however, there should also be some planning for the broader implementation of SIEM capabilities in subsequent project phases. Developing a two- to three-year road map for all functions will ensure that the buying decision considers longer-term functional and scaling requirements. Be ready to evolve the plan in response to changes in IT, business requirements and threats.
