
Security level management


Security level management (SLM) comprises a quality assurance system for information system security.

The aim of SLM is to display the information technology (IT) security status transparently across an organization at any time, and to make IT security a measurable quantity. Transparency and measurability are the prerequisites for improving IT security through continuous monitoring.

SLM is oriented towards the phases of the Deming Cycle/Plan-Do-Check-Act (PDCA) Cycle: within the scope of SLM, abstract security policies or compliance guidelines at a company are transposed into operative, measurable specifications for the IT security infrastructure. The operative aims form the security level to be reached. The security level is checked permanently against the current status of the security software used (malware scanner, update/patch management, vulnerability scanner, etc.). Deviations can be recognised at an early stage and adjustments made to the security software.

In corporate contexts, SLM typically falls under the range of duties of the chief security officer (CSO), the chief information officer (CIO), or the chief information security officer (CISO), who report directly to an executive board on IT security and data availability.

Classification

SLM is related to the disciplines of security information management (SIM) and security event management (SEM) (as well as their combined practice, security information and event management (SIEM)), which Gartner defines as follows: SIM provides reporting and analysis of data primarily from host systems and applications, and secondarily from security devices — to support security policy compliance management, internal threat management and regulatory compliance initiatives. SIM supports the monitoring and incident management activities of the IT security organization. SEM improves security incident response capabilities. SEM processes near-real-time data from security devices, network devices and systems to provide real-time event management for security operations.

SIM and SEM relate to the infrastructure for realising superordinate security aims, but are not descriptive of a strategic management system with aims, measures, revisions and actions to be derived from this. SLM unites the requisite steps for realising a measurable, functioning IT security structure in a management control cycle.

SLM can be categorised under the strategic panoply of IT governance, which, via suitable organisation structures and processes, ensures that IT supports corporate strategy and objectives. SLM allows CSOs, CIOs and CISOs to prove that SLM is contributing towards protecting electronic data relevant to processes adequately, and therefore makes a contribution in part to IT governance.

Procedure

Defining the Security Level (Plan): Each company specifies security policies. It defines aims in relation to the integrity, confidentiality, availability and authority of classified data. In order to be able to verify compliance with these specifications, concrete objectives for the security software used in the company must be derived from the abstract security policies. A security level consists of a collection of measurable limiting and threshold values.

Limits and thresholds must be defined separately for different system classes of the network, for example, because the local IT infrastructure and other framework conditions must be taken into account. Overarching security policies therefore result in different operational objectives, such as: The security-relevant software updates should be installed on all workstations in our network no later than 30 days after their release. On certain server and host systems after 60 days at the latest.

The IT control manual Control Objectives for Information and Related Technologies (COBIT) provides companies with instructions on transposing subordinate, abstract aims into measurable objectives in a few steps.

Collecting and Analysing Data (Do): Information on the current status of the systems in a network can be obtained from the log data and the status reports of the management consoles of the security software used. Monitoring solutions that analyse the security software of different vendors can simplify and accelerate data collection.

Checking the Security Level (Check): SLM provides continual comparison of the defined security level with the actual values collected. Automated real-time comparison supplies companies with a continuous monitoring of the security situation of the entire company network.

Adjusting the Security Structure (Act): Efficient SLM allows trend analyses and long-term comparative assessments to be made. By continuously monitoring the security level, weak spots in the network can be identified at an early stage and proactive adjustments can be made to the security software to improve system protection.

Standards

Besides defining the specifications for engineering, introducing, operating, monitoring, maintaining and improving a documented information security management system, ISO/IEC 27001 also defines the specifications for implementing suitable security mechanisms.

ITIL, a collection of best practices for IT control processes, goes far beyond IT security. In relation, it supplies criteria for how Security Officers can conceive IT security as an independent, qualitatively measurable service and integrate it into the universe of business-process-oriented IT processes. ITIL also works from the top down with policies, processes, procedures and job-related instructions, and assumes that both superordinate, but also operative aims need to be planned, implemented, controlled, evaluated and adjusted.

See also

Information security
Security management
IT management
Information security management

References

Gartner Research, Magic Quadrant for Security Information and Event Management, ID Number G00139431, 12 May 2006.

External links

COBIT: Summary and material from the ISACA
ISO/IEC 27000: International Organization for Standardization
ITIL: Summary and material from AXELOS


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.