Security information management (SIM) has emerged recently as a strong need to ensure the ongoing security of information systems. However, deploying a SIM and the associated sensors is a challenge in any organization, as the complexity and cost of such a project are difficult to bear. This paper aims to present an architecture for outsourcing a SIM platform, and discuss the issues associated with the deployment of such an environment.
The paper is an overview of the typical SIM and a possible architecture for its outsourcing.
The paper explains that the day‐to‐day operation of a SIM is beyond the financial capabilities of all but the largest organizations, as the SIM must be monitored constantly to ensure timely reaction to alerts. Many managed security services providers (MSSP), therefore, propose outsourcing the alert management activities. Sensors are deployed within the customer's infrastructure, and the alerts are sent to the outsourced SIM along with additional log information.
The paper illustrates that intrusion detection and SIM as two important and active research domains for information systems security.
Debar, H. and Viinikka, J. (2006), "Security information management as an outsourced service", Information Management & Computer Security, Vol. 14 No. 5, pp. 417-435. https://doi.org/10.1108/09685220610707430Download as .RIS
Emerald Group Publishing Limited
Copyright © 2006, Emerald Group Publishing Limited