Re: SIEM

["Basgen, Brian" <bbasgen () PIMA EDU>]

 Our SIEM is one of our most valuable security tools. After several years of having it in place, it is hard for me to 
imagine how we could operate without it! :)

Brian Basgen
Assistant Vice Chancellor IT (Acting)
Sent from my mobile device

On Oct 11, 2012, at 6:40 AM, "Brian Helman" <bhelman () SALEMSTATE EDU> wrote:

> Good morning,
>
> Our CIO has had some discussions with Gartner RE: SIEM.  I'm familiar with the concept and many of the components, 
> but I don't have a holistic appreciation of the application yet.  Offerings being bantered about are from Solarwinds, 
> LogRhythm, Trustwave, Q1Labs and McAfee.  I am curious what other's experiences are in the collective realm or with 
> these specific offerings.  What kinds of timeframes and budgets did you place on your implementations?
>
> Josh Beeman posted an informal survey that included SIEM as a potential priority over the next 5 years.  I'm also 
> curious where other organizations place this with respect to other priorities (Josh's post is in-line below).
>
> This is cross-posted to the SECURITY and NET-MAN lists.
>
> Thanks,
> Brian
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joshua 
> Beeman
> Sent: Friday, September 28, 2012 8:47 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Security 5 Year Strategic Plan
>
> Hi,
>
> I was thinking about this request and why people may have been reluctant to reply.  
>
> A possibility is that people may feel that sharing a five year plan amongst such a large group could be
> a) difficult/unsatisfying - given the rate at which threats and technology is evolving, it's a long time to be making 
> predictions, and
> b) risky - it may be perceived as potentially airing institutional problems/deficiencies to the public unnecessarily.
>
> Nonetheless, I am always interested in what my peers are doing/thinking about.  I wondered if there might be more 
> traction in a quasi-anonymous, mostly unscientific survey of what people thought were priorities for the next five 
> years. I took a stab at creating such a survey here:
> https://docs.google.com/spreadsheet/viewform?formkey=dHRPTlNiQkpia2x6dENzZU
> YwbU1YVEE6MQ 
>
> You will notice in my preamble I unabashedly admit it is neither comprehensive, nor scientific, so please keep your 
> expectations low!
>
> FYI - For those that are inherently suspicious of links and google forms, a text version is below.  Feel free to send 
> your responses to me.  I plan to summarize and share any results back to this list.
>
> Josh
>
>
> *********************
> SURVEY [text version]
> *********************
>
> Information Security Priorities in the Next 5 YearsRapidly evolving threats, limited resources and competing 
> priorities, can make 5 year Information Security planning difficult.
>
> Those that have developed plans may be reluctant to share them because they recognize this difficulty.
>
> This is an informal, very unscientific survey meant to help determine if there is some consensus amongst EDU 
> Information Security practitioners about topics/categories that should be prioritized in the next 5 years.
>
> What is the size of your EDU?  (Total count of Faculty, Staff and
> Students) [Optional]
>
>
> Identify up to 10 of the following items that you believe should/will be prioritized in the next 5 years in your 
> organization.  This listing is not comprehensive, items may overlap or have multiple interpretations.
>
> If you believe items are missing, please indicate this in the "Other"
> field.
>
> *(You can select less than 10, but please do not select more).
>
> * IPv6
> * Network security applicance acquisition and installation (IDS, IPS, NGFW, malware detection, etc.)
> * Logging
> * SIEM
> * InCommon Bronze/Silver certification
> * Multi-factor authentication
> * IDM improvements/strengthening
> * Policy
> * Compliance (PCI, HIPAA, FISMA, FERPA, etc.)
> * Mobile device security (technology)
> * Mobile device security (policy)
> * Whole disk encryption
> * Network segregation
> * Re-org/staffing
> * Metrics and reporting
> * Visualization
> * Vulnerability and risk assesment
> * Asset management
> * Virtual Desktop
> * Data Loss Prevention (host or network)
> * Application Security
> * Cloud security
> * Other:
>
>
> From:  Daniel Bennett <daniel.bennett () PCT EDU>
> Reply-To:  The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
> Date:  Friday, August 10, 2012 11:35 PM
> To:  "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
> Subject:  [SECURITY] Security 5 Year Strategic Plan
>
>
> Hello All,
>
> I am currently working on developing our department¹s 5 year strategic security plan and was wondering if anyone is 
> willing to share what they feel their focus will be over the next 5 years in regards to their  information security 
> infrastructure.  I have some ideas but want to see what a broader community is working towards as well.
>
> Thanks,
>
> Daniel Bennett
> IT Security Analyst
> Adjunct Faculty
> Vice-Chair North Central PA Members Alliance
>
> Pennsylvania College of Technology
> One College Ave
> Williamsport, PA 17701
>
> P:570.329.4989
> E:dbennett () pct edu
>
> ITS and Penn College will never solicit you for your username or password in an e-mail.