Security Information Management
Encyclopedia
Security information management (SIM) is the industry-specific term in computer security referring to the collection of data (typically log files; e.g. eventlogs) into a central repository for trend analysis. SIM products generally comprise software agents running on the computers that are to be monitored, communicating with a centralized server acting as a "security console", sending it information about security-related events, which displays reports, charts, and graphs of that information, often in real time. The software agents can incorporate local filters, to reduce and manipulate the data that they send to the server. The security console is monitored by a human being, who reviews the consolidated information, and takes action in response to any alerts issued.
The data that are sent to the server, to be correlated and analyzed, are normalized by the software agents into a common form, usually XML
. Those data are then aggregated, in order to reduce their overall size.
The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' by using data collection techniques. The term commonly used to represent an entire security infrastructure that protects an environment is commonly called information security management
(InfoSec).
Security information management is also referred to as or included in SEM (security event management) and SIEM (security information and event management).
The data that are sent to the server, to be correlated and analyzed, are normalized by the software agents into a common form, usually XML
XML
Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....
. Those data are then aggregated, in order to reduce their overall size.
The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' by using data collection techniques. The term commonly used to represent an entire security infrastructure that protects an environment is commonly called information security management
Information Security Management
Information security describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage...
(InfoSec).
Security information management is also referred to as or included in SEM (security event management) and SIEM (security information and event management).
See also
- Information securityInformation securityInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
- Information security managementInformation Security ManagementInformation security describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage...
- Information security management systemInformation security management systemAn information security management system is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of ISO 27001....
- Security Information and Event ManagementSecurity Information and Event ManagementSecurity Information and Event Management solutions are a combination of the formerly disparate product categories of SIM and SEM...
- Security event managerSecurity Event ManagerA security event manager is a computerized tool used on enterprise data networks to centralize the storage and interpretation of logs, or events, generated by other software running on the network....