As Anton Svintsitsky emphasizes, the degree of automation needed varies between companies with different levels of maturity of information security management processes and different complexity of ICT infrastructure, but each of them has to adjust its existing processes to integrate information security management elements into them.
According to Dmitry Shumilin, the classical design of an automated information security management system has three levels:
· collection and primary processing of information security events (both from products such as IDS, WAF, FW, DLP and other traditional information security solutions, and from physical security systems: ACS, fire and security alarms);
· analysis and correlation of events, usually implemented with SIEM systems;
· automated management, which can be an add-on to SIEM systems or specialized software.
Ivan Ozerov suggests paying attention first of all to the following means of information security automation:
· IDM (Identity Management) class systems, which automate, based on role models, the management of user accounts and access rights to ICT resources, as well as access control and audit;
· SGRC class systems, which automate risk assessment and treatment, asset management, audit management and compliance control, and planning of the information security department's activities;
· IRP class systems, which make it possible to organize the response to information security incidents and to monitor and register them.
Dmitry Berezina supplements this list with behavioral analysis systems (User Behavior Analytics, UBA).
Corporate information security management using information security providers
The incentives for automating information security described above also lead more and more Russian companies (especially those for which information security is not a core business) to turn to the services of IT and information security providers. We increasingly encounter the terms and abbreviations Managed Security Service Provider (MSSP) and Managed Detection and Response (MDR) on the services market. Competition between SOC service providers can already be observed in the country.
A core level that provides collection