Collection and Management Strategy Paper
Write a discussion board on it for 275 words
Log collection and management strategy is one of the most important decisions an organization can make, as these logs provide pertinent event data that is used to identify potential compromises from external and internal threat actors, as well as organizational policy violations. For this week's discussion board posting, I want you to respond to the following questions:

1) What are some log collection/management considerations that an organization might need to bear in mind?

2) Do log files unto themselves provide an organization with complete visibility into what's occurring on the organization's network or to support internal investigations? If not, what other data sources might you think would provide enrichment to the existing data set?

3) Research centralized security incident and event management systems. Provide a summary of the features they contain and provide your assessment on how these features can be used by an organization (SOC analyst, threat hunting team, or incident responder) to help support investigations. Are there any particular features that might be useful to help with regulatory compliance reporting?

As always, please provide citations when applicable.
Write a response of 100 words for this discussion
1. Some log collection/management considerations that an organization might need to bear in mind are:
- Data collection using the log management system should be simple and seamless.
- Users should be able to easily search log data across multiple sources.
- Log collection should be scalable enough to fit the huge volumes of data the applications and systems are generating.
- Log data contains sensitive data of the organization and/or customers, so log management should be securely conducted and should support different security measures.
- Log data increases enormously as time passes, so managing log data costs a lot of budget. So, a cost-effective log management solution should be chosen that meets the organization's needs.
2. No, log files do not provide an organization with complete visibility into what's occurring on the organization's network. Log files help to identify issues and patterns of intrusion threats from insiders and outsiders.
3. A security incident and event management system (SIEM) is the central process of identifying, monitoring, and analyzing security incidents in a real-time environment. SIEM has a retention feature that stores data for a longer period. Its correlation feature sorts data into meaningful packets that give useful information. It alerts when certain conditions are triggered. SIEM helps security personnel by collecting log data from different sources, performing real-time monitoring, and analyzing and reporting on them.
Rules can be set up in SIEM that collect data in compliance with company or government policies.
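The SIEM features named in the response above (collection from several sources, correlation, alerting, retention and compliance reporting) can be shown end to end in a few lines. The following is an added example, not part of the assignment text or the student's post, and not code from any SIEM product: it ingests constructed syslog-style SSH authentication lines from hypothetical hosts and addresses, normalizes them, runs one correlation rule (several failed logins followed by a success from the same source and user within a short window), applies a retention cut-off, and produces a small compliance summary. Host names, user names, addresses and the 365-day retention period are all assumptions made for the demonstration.

```python
"""Minimal SIEM-style pipeline: collect -> normalize -> correlate -> retain -> report.
Added example with constructed input; not a real product's code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical hosts, users and RFC 5737 test addresses).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 host-a sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:05 host-a sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:09 host-a sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:12 host-a sshd: Accepted password for admin from 203.0.113.7",
    "2024-03-01T10:05:00 host-b sshd: Failed password for bob from 198.51.100.4",
    "2024-03-01T10:06:00 host-b sshd: Accepted password for bob from 198.51.100.4",
    "2023-01-15T08:00:00 host-a sshd: Accepted password for alice from 192.0.2.9",
]

# Parser for the constructed line format above (one of the "multiple sources" a SIEM normalizes).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Turn one raw line into a normalized event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def normalize(lines):
    """Collection step: keep only lines the parser understands."""
    return [e for e in (parse(line) for line in lines) if e is not None]


def correlate_brute_force(events, threshold=3, window=timedelta(minutes=1)):
    """Correlation rule: alert when at least `threshold` failures for one (source, user)
    are followed by a successful login within `window`."""
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["src"], e["user"])
        if e["outcome"] == "Failed":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "src": e["src"], "user": e["user"], "host": e["host"],
                "failures": len(recent), "at": e["ts"],
            })
        failures[key] = []  # a success resets the counter for that source/user
    return alerts


def apply_retention(events, now, retain_days=365):
    """Retention feature: drop events older than the policy window; report how many were purged."""
    cutoff = now - timedelta(days=retain_days)
    kept = [e for e in events if e["ts"] >= cutoff]
    return kept, len(events) - len(kept)


def compliance_report(events, alerts):
    """Compliance-style summary of what was ingested and what fired."""
    return {
        "events_ingested": len(events),
        "hosts": sorted({e["host"] for e in events}),
        "successful_logins": sum(1 for e in events if e["outcome"] == "Accepted"),
        "alerts": len(alerts),
    }


if __name__ == "__main__":
    evts = normalize(SAMPLE_LOGS)
    found = correlate_brute_force(evts)
    kept, purged = apply_retention(evts, now=datetime(2024, 3, 2))
    print(found)
    print(compliance_report(kept, found), "purged:", purged)
```

Only the `admin` sequence fires the rule: three failures within a minute followed by a success, which is the pattern a SOC analyst would want surfaced rather than buried in raw lines. The retention step purges the single 2023 event under a 365-day policy, and the report counts what remains so that a compliance reviewer can see coverage (hosts, volume, alert count) without reading the logs themselves.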