The task of SIEM (Security Information and Event Management) is to support two main processes, based on the distributed status and log information of the monitored systems:
- Real-time reporting: detection of possible incidents by collecting, analysing and correlating current log and system information. This information is used to establish the current state of the monitored environment and to take appropriate measures where necessary. To trigger a measure, different types of alerts can be defined. The main stakeholder for real-time reports is IT Operation.
- Historical reporting: analysis and statistical processing of the collected information. Stakeholders for historical and statistical reports are mainly the divisions IT Risk/Security, IT Operation and IT Engineering.
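The two processes above can be illustrated with a small correlation engine. This is an added example, not code from the original page or from any particular SIEM product: it parses constructed sshd-style syslog lines (the log format, host names, TEST-NET addresses, threshold and window are all assumptions), raises real-time alerts when failed logins from one source exceed a threshold inside a sliding window or when a login succeeds right after such a burst, and builds a per-host statistical summary of the same events for historical reporting.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like sshd output), not real data.
# The last line is deliberately not an authentication event and is skipped.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 web01 sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "2024-05-01T10:00:03 web01 sshd[4102]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "2024-05-01T10:00:05 web01 sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 51238 ssh2",
    "2024-05-01T10:00:07 web01 sshd[4104]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "2024-05-01T10:00:09 web01 sshd[4105]: Failed password for root from 203.0.113.5 port 51242 ssh2",
    "2024-05-01T10:00:11 web01 sshd[4106]: Failed password for root from 203.0.113.5 port 51244 ssh2",
    "2024-05-01T10:00:20 web01 sshd[4107]: Accepted password for root from 203.0.113.5 port 51250 ssh2",
    "2024-05-01T10:01:00 db01 sshd[2201]: Failed password for backup from 198.51.100.9 port 40001 ssh2",
    "2024-05-01T10:01:30 db01 sshd[2202]: Accepted password for backup from 198.51.100.9 port 40002 ssh2",
    "2024-05-01T10:02:00 web01 sshd[4108]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2",
    "2024-05-01T10:02:05 web01 kernel: [1234.5] eth0: link up",
]

# Assumed line layout: "<iso timestamp> <host> sshd[<pid>]: <Failed|Accepted> <method> for [invalid user] <user> from <ip> port <n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    src: str
    outcome: str  # "Failed" or "Accepted"


@dataclass(frozen=True)
class Alert:
    ts: datetime
    severity: str
    rule: str
    src: str
    host: str
    detail: str


def parse_line(line):
    """Normalise one raw log line into an Event; return None for lines the rule set does not cover."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["src"], m["outcome"])


def load_events(lines):
    return [ev for ev in map(parse_line, lines) if ev is not None]


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Real-time reporting: correlate events per source IP inside a sliding window and emit alerts."""
    alerts = []
    failures = defaultdict(deque)  # src ip -> timestamps of failures still inside the window
    flagged = set()                # src ips that already produced a brute-force alert for the current burst
    for ev in sorted(events, key=lambda e: e.ts):
        q = failures[ev.src]
        while q and ev.ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if not q:
            flagged.discard(ev.src)         # burst is over; a new one may alert again
        if ev.outcome == "Failed":
            q.append(ev.ts)
            if len(q) >= threshold and ev.src not in flagged:
                flagged.add(ev.src)
                alerts.append(Alert(ev.ts, "medium", "ssh_bruteforce", ev.src, ev.host,
                                    f"{len(q)} failed logins within {window.seconds}s"))
        else:
            # A success immediately after a burst of failures is the more urgent signal.
            if len(q) >= threshold:
                alerts.append(Alert(ev.ts, "high", "ssh_success_after_bruteforce", ev.src, ev.host,
                                    f"login for {ev.user} after {len(q)} failures"))
            q.clear()
            flagged.discard(ev.src)
    return alerts


def historical_report(events):
    """Historical reporting: per-host statistics over the whole collected period."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "sources": set()})
    for ev in events:
        s = stats[ev.host]
        s["failed" if ev.outcome == "Failed" else "accepted"] += 1
        s["sources"].add(ev.src)
    return {h: {"failed": s["failed"], "accepted": s["accepted"], "distinct_sources": len(s["sources"])}
            for h, s in stats.items()}


if __name__ == "__main__":
    evs = load_events(SAMPLE_LOGS)
    for a in correlate(evs):
        print(f"{a.ts.isoformat()} [{a.severity}] {a.rule} src={a.src} host={a.host}: {a.detail}")
    for host, row in historical_report(evs).items():
        print(host, row)
```

On the constructed input the engine raises a medium alert after the fifth failure from 203.0.113.5 and a high alert when that source then logs in successfully, while the single failure from 198.51.100.9 stays below the threshold; the historical summary shows web01 with 6 failed and 2 accepted logins from 2 distinct sources. In a real deployment the parsing step would be replaced by the SIEM's own normalisation of the many source formats, and the rule thresholds tuned to the environment.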
The SIEM model sits as a middleware layer between the IT infrastructure and the organisational IT processes (ITIL).