Tomaž Hiti (2011) Decision model for implementing a security information and event management system. MSc thesis.
Organizations are aware of the importance of adequate information security due to various reasons like protection of confidential data based on regulations and legislation. On the other hand modern information systems are becoming very complex and vulnerable, which causes the generation of enormous amount of information and events spread over the systems. Quality management system therefore requires centralized event management. In the bank we are aware of the problem and are looking forward to finding a solution in the field of information and event security management (SIEM). In the present thesis the decision-making model for the choice of security information and event management is presented. The objective of the thesis is to facilitate the decision-making and the choice of appropriate SIEM; therefore three SIEM offers were chosen to present the pilot installation. The assessment of varieties was based on advantages and disadvantages as well as on architectural solutions. The process of decision-making was based on weight parameter estimation method which belongs to the group of multi-parameter and multi-criteria decision-making. The best results were obtained by ArcSight system for which the final architectural solution was proposed. The final solution is based on high geographic redundancy configuration. The above decision-making process could be repeated and used by diverse enterprises or decision-makers. Despite the chosen offerer the decision-maker can choose any SIEM offerer and use the above methodology.
Actions (login required)