Reply to each below in at least 200 words.
Reply to student #1 answer to the original DQ:
Within my perspective, when it comes to security event management (SEM) for small-to-medium-sized businesses, IBM’s Tivoli products can be a feasible means for security systems implementation. In this consideration, SEM can push SMBs to SaaS (software as a service) into an acceptable means for holistic security in the aspects of cost effectiveness and benefit validation towards the implementation. Given the benefits and features along with the cost analysis of IBM’s Tivoli products, SMBs have the ability to gain security controls, compliances, and monitoring that would otherwise divide services, increasing cost and management means. With IBM’s Tivoli, SEM provides systems security management within the means that a small business would need to protect information and assets, without the extended cost. These benefits include security compliance management; automatic detecting; monitoring; and warning system for vulnerabilities and security policy violations within one’s systems and networks.
Automated management is beneficial within a small business as it decreases the cost of extended hiring, i.e. few IT administrators rather than multiple. Other features and benefits towards Tivoli include: “TSIEM offers centralized log management, along with Privileged user monitoring and audit on databases, applications, servers, and mainframes. zSecure family of products enables the administration and policy enforcement of RACF security and monitoring, auditing and alerting of RACF, ACF2 and Top Secret-based mainframes” (Spring, 2009).
In all consideration, you get what you pay for, and within this aspect, SMBs using IBM’s Tivoli products at the given cost are provided with extensive services at a very big fraction of the cost that enterprises, corporations, and larger businesses pay. The investment would pay off in that consideration.
Reply to student #2 answer to the original DQ:
Strong Security Event Management practices are critical to managing Information Security risk, proving compliance, and managing security incidents in support of both. SEM/SIEM can be used to reduce the likelihood of security incidents being realized by detecting the events that precede an incident; optimize incident response by providing ready access to the information needed to contain and remediate the incident before significant business impact; facilitate forensic investigations to ensure that security incidents are fully resolved and lessons learned can be leveraged to reduce the number and severity of future incidents; and simplify the process of proving you are compliant with relevant laws and regulations. There are regulatory agreements that require companies to have SEM/SIEM in place (GmP for example), but when planning a SEM we should consider which are the systems to be monitored for security events and what are the actual events that are worth collecting data from; what is the time frame for data to be stored (it should be governed by policies and SOPs); what are the protective measures to be implemented to maintain their integrity; configure the SEMs to be automatic and proactive (send alerts, self-activate on certain events, etc.); monitor the effectiveness and look for areas of improvement; maintain a balance of cost benefit of maintenance. Log and update entries and modifications to the SEM itself. There are some that are delivered with security packages, others that come with Server OS and some that are sold separately.
Reply to student #3 answer to the original DQ:
You do get what you pay for. This is a major factor in the start-up business. There are many online businesses and/or online-driven businesses in the world now. Having the knowledge and the correct SEM is crucial to the security of not only their information but the ones of the guests that choose to show or work with you.
The biggest issue that comes out with new businesses is the security of the financial information of the guests.
I think Target and Home Depot need to revisit this chapter. Just my opinion. Any thoughts? Do you think they need to work on their information security when it comes to their systems?
Reply to student #4 answer to the original DQ:
Based on the Spring (2009) article, I think security event management (SEM) is feasible for small-to-medium-sized businesses (SMBs). Smaller companies can benefit from a security information and event management (SIEM) tool, especially if the IT department is small and overworked. There are products that are made specifically for 5,000 or fewer employees. An SIEM appliance tool would sit in the center of all the other devices on your network and collect logs from devices, with log analysis and event correlation in memory. When a security event is detected, the tool allows for an automated active response that can mitigate an activity that is still in progress. Such an appliance tool doesn't require someone to monitor the console all the time; it allows you to leverage correlation, automated active response, and notification so you can walk away and get other work done while the tool watches your back. Smaller companies with IT people who wear numerous hats should look into a tool like this for their business. Smaller companies may also have one person who holds the administrator hat. If there was a disgruntled employee who tries to circumvent the tool's logging and analysis to steal sensitive data or commit other harmful acts, they can think again. Not even an administrator with privileges can manipulate the source logs or make changes to an audit trail, and if they do anything within the console, it would be fully audited and reported upon.
Reply to Instructor's Statement #1:
Great points, Keshia. Small business owners and stakeholders do have to wear many hats in their respective organizations; having an appliance/tool/app hat that can help with some of those tasks would be a welcome addition to any shop.
It is kinda hard to think of a 5K employee company as ‘small’!
Reply to student #1 answer to the instructor statement:
I tend to agree with your statement based on the fact that in small to mid-size companies IT people tend to wear many hats. I know with my company I have more hats than I can count. I'm the IT security person, Accounts Manager, Web Designer, and all of these functions do not include the job role that I have in the company. I do think the SIEM tool is the best tool to have with small and mid-size. Even at my work we have the McAfee SIEM tool.
Reply to student #2 answer to the instructor statement:
An organization does not have to spend a fortune protecting itself from threats. OSs have already integrated some sort of SEMs within their architecture; it is up to IT administrators or personnel on the type of approach that they want to take. For instance, on Windows Server 2008 with the Security Templates snap-in, you can create a security policy for a computer or for your network. Security templates can be used to define policy settings for the following security areas:
▪ Account policies: Password policy, account lockout policy, and Kerberos policy
▪ Local policies: Audit policy, user rights assignment, and security options
▪ Event log: Application, system, and security event log settings
▪ Restricted groups: Membership of security-sensitive groups
▪ System services: Startup and permissions for system services
▪ Registry: Permissions for registry keys
▪ File system: Permissions for folders and files
Such can be utilized automatically or manually when looking for discrepancies; when working in coordination with services.msc on Windows 7 and above, it can track any changes and any security breaches in real time and either force a shutdown or alert IT personnel. The same goes for 3rd-party software such as SolarWinds, which combines log management, event correlation, visualization, reporting, file integrity monitoring, USB defense, SQL database monitoring, and active response in a virtual appliance that's easy to deploy, manage, and use.
Reply to student #3 answer to the instructor statement:
Unfortunately, small businesses are not only the getaway but the access point in some cases and the scapegoat in others. Just remember what happened with Target, when initially they tried to blame a small company as the culprits of the breach. The latest business to be hit by a breach is Jimmy John's. The Champaign, Illinois-based sandwich chain on Wednesday said it has learned of a possible security incident involving consumers' credit and debit card data, which was compromised after an intruder stole log-in credentials from the company's point-of-sale vendor. That information was then used to remotely access point-of-sale systems at approximately 216 locations between June 16, 2014 and Sept. 5, 2014. There are different numbers about how many small businesses are breached every year, but those numbers are far superior to the ones of big companies even when compared in comparison. Most small businesses in the USA already have been exposed, or likely will be soon. The loss or theft of private information can be expensive, drive away customers and even result in legal penalties.
A Ponemon Institute survey for insurer Hartford Steam Boiler found that 55 percent of small businesses had a data breach and 53 percent of those businesses had multiple breaches.
Yet, surprisingly, only 33 percent of the businesses notified the people affected, even though 46 states, the District of Columbia and Puerto Rico require that individuals be contacted when their personal information is compromised.
Why would a small business owner risk fines and their company's reputation by ignoring a data breach? They don't believe it will happen to them. When it does, they're not prepared and don't know how to respond. (USA Today, May 6, 2013)
Due By (Pacific Time): 12/21/2014 07:00 am