Service Overview
Security Event Management is the framework used to manage security event logs, including the tools, processes, and resources that an organization uses to examine electronic audit logs for indications of unauthorized security-related activities.
When properly designed and implemented, security event management assists organizations in determining what events of significance have occurred and can be both preventative and reactive. As a cornerstone capability for supporting an Incident Response Plan, DeepSeas assists clients with navigating the complicated, resource-taxing, and often very expensive burden associated with implementing this capability.
Objectives
The objectives of this initiative are as follows:
- Develop and document a security event management plan, including selection of in-scope events and actions
- Develop and document a security event management procedure
- Identify roles and responsibilities
- Identify in-scope systems and event types
- Identify system owners (for log configuration)
Methodology
The plan is based on one or more of the following regulations and standards:
- National Institute of Standards and Technology (NIST)
- International Organization for Standardization (ISO/IEC)
- Payment Card Industry Data Security Standards (PCI-DSS)
- Center for Internet Security Critical Security Controls (SANS)
- Information Technology Infrastructure Library (ITIL)
This Security Event Management service consists of the following phases:
POLICY DEVELOPMENT
- LOGGING REVIEW - Existing logging functions will be reviewed for consideration and inclusion in the new plan
- BUSINESS OBJECTIVE INCORPORATION - Organizational objectives, strategies and principles will be collected, prioritized and prepared for integration into the plan. Communications with Subject Matter Experts, organizational leaders and vested parties will be held to validate accuracy and completeness.
- SECURITY STANDARDS INCORPORATION - Appropriate standards, including SANS, NIST and others, will be considered as baselines for management objectives.
- COMPLIANCE REQUIREMENT INCORPORATION - Appropriate legal and regulatory language will be considered as baselines for logging plans.
IMPLEMENTATION STRATEGY DEVELOPMENT - A schedule and mechanism for communication of new policies will be developed and prepared for implementation.
Deliverables
DeepSeas will produce the following deliverables:
- INITIALIZATION MEETING - DeepSeas will host a kickoff meeting to conduct introductions and familiarize Client with the initiative. This meeting will be no longer than sixty (60) minutes and it is intended to review the objectives, methodology, scope and deliverables in the Statement of Work.
- PROJECT PLAN - DeepSeas will deliver a project plan that describes the tasks, milestones, resources, and project start and end dates of each major deliverable.
- SECURITY EVENT MONITORING PLAN - DeepSeas will deliver a formal security event management plan.
- SECURITY EVENT MONITORING MATRIX - DeepSeas will deliver a comprehensive matrix that identifies the system types, log types and associated activities in a modular spreadsheet format.
- TRANSITION MEETING - DeepSeas will host a transition meeting to assist Client with next steps.
