Security information management as an outsourced service
Abstract
Purpose
Security information management (SIM) has emerged recently as a strong need to ensure the ongoing security of information systems. However, deploying a SIM and the associated sensors is a challenge in any organization, as the complexity and cost of such a project are difficult to bear. This paper aims to present an architecture for outsourcing a SIM platform, and discuss the issues associated with the deployment of such an environment.
Design/methodology/approach
The paper is an overview of the typical SIM and a possible architecture for its outsourcing.
Findings
The paper explains that the day‐to‐day operation of a SIM is beyond the financial capabilities of all but the largest organizations, as the SIM must be monitored constantly to ensure timely reaction to alerts. Many managed security services providers (MSSP), therefore, propose outsourcing the alert management activities. Sensors are deployed within the customer's infrastructure, and the alerts are sent to the outsourced SIM along with additional log information.
Originality/value
The paper illustrates that intrusion detection and SIM as two important and active research domains for information systems security.
Keywords
Citation
Debar, H. and Viinikka, J. (2006), "Security information management as an outsourced service", Information Management & Computer Security, Vol. 14 No. 5, pp. 417-435. https://doi.org/10.1108/09685220610707430
Publisher
:Emerald Group Publishing Limited
Copyright © 2006, Emerald Group Publishing Limited