An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
This one was a tough one, but I don't think it's C. As people mentioned, the contract was already signed. Technical support is a close second, but how will they know how to help if you don't know what controls you are monitoring...
A. Controls to be Monitored
By knowing what controls are to be monitored, you can design your architecture of how a SIEM ingests data around compliance regulations such as PCI, HIPAA, and SOX.
Understanding the specific controls and requirements that the organization needs to monitor is crucial for effective SIEM implementation. This includes identifying the types of events, logs, and security incidents that the SIEM tool should be configured to detect and respond to. By clearly defining the controls to be monitored, the organization can tailor the SIEM solution to its unique security needs, ensuring that it provides relevant and meaningful insights into the security posture.
While reporting capabilities, the contract with the SIEM vendor, and available technical support are also important factors, they are typically addressed after the organization has a clear understanding of the controls it needs to monitor. The choice of controls drives the configuration and customization of the SIEM system to meet the organization's specific security requirements.
I did not get how people are justifying A. If we implement all valid controls and don't have proper reporting available for those controls, will it be useful?
Kindly clarify, thanks!
Try to look at it this way: without selecting the controls you wish to monitor, what will you report on? Also, SIEM is a log collection and correlation tool. Without identifying the controls whose logs you wish to collect, you cannot get started.
The SIEM has been purchased, so I assume a contract has been signed already. Controls to be monitored should be established before it goes live and implemented.
Thinking logically, the most important variable of any operational "Incidents/Events" tool is what will be monitored. Once monitoring criteria/requirements are agreed, then agreements on technical support must follow, after which the contract and its service level agreement are updated.
The contract has already been signed and this step will already have been done. These are all bad answers because they should have already been answered prior to deciding on the SIEM/Vendor selection. However I would say A. Control to be monitored. This is the most critical step out of these four horrible options.
The contract with the SIEM vendor is the most important to consider before implementation because it outlines the terms of the agreement between the organization and the vendor, including the scope of the SIEM tool's capabilities, the responsibilities of both parties, and any warranties or guarantees provided. It also sets expectations for service levels, maintenance, and upgrades, and lays out the legal obligations of both parties. Having a clear and comprehensive contract in place can help avoid misunderstandings and disputes later on and ensure that the organization has a clear understanding of what it is getting from the vendor.
No. You are wrong here. The contract has already been signed and this step will already have been done. These are all bad answers because they should have already been answered prior to deciding on the SIEM/Vendor selection. However I would say A. Control to be monitored. This is the most critical step out of these four horrible options.
Surely the answer is "The contract with the SIEM vendor" - the contract may state that the vendor stores a backup in a territory that isn't acceptable from a data residence perspective?
A. Controls to be monitored is the MOST important to consider before implementation of a security information and event management (SIEM) tool. This is because SIEM tools are designed to monitor and analyze large amounts of data from various sources, such as network devices, servers, and applications, in order to detect and respond to potential security threats. In order to effectively use a SIEM tool, it is essential to have a clear understanding of which controls need to be monitored and how they will be monitored. This will ensure that the SIEM tool is configured properly and that it is able to detect and respond to the specific security threats that the organization is concerned about. While reporting capabilities, the contract with the SIEM vendor and available technical support are also important to consider, they are secondary to the controls to be monitored as they are based on the controls that need to be monitored.