Security level management
Security Level Management (SLM) comprises a quality assurance system for electronic information security.
The aim of SLM is to display the IT security status transparently across a company at any time, and to make IT security a measurable quantity. Transparency and measurability form the prerequisites for making IT security proactively monitorable, so that it can be improved continuously.
SLM is oriented towards the phases of the Deming Cycle (Plan-Do-Check-Act, PDCA): within the scope of SLM, abstract security policies or compliance guidelines at a company are transposed into operative, measurable specifications for the IT security infrastructure. The operative aims form the security level to be reached.
The security level is checked continuously against the current performance of the security systems (malware scanners, patch systems, etc.). Deviations can be recognised early and adjustments made to the security systems.
SLM falls under the range of duties of the Chief Security Officer (CSO), the Chief Information Officer (CIO) or the Chief Information Security Officer (CISO), who report directly to the Executive Board on IT security and data availability.
Classification
SLM is related to the disciplines of Security Information Management (SIM) and Security Event Management (SEM), together known as Security Information and Event Management (SIEM), which the analysts Gartner summarise in their Magic Quadrant for Security Information and Event Management and define as follows:
"[…] SIM provides reporting and analysis of data primarily from host systems and applications, and secondarily from security devices — to support security policy compliance management, internal threat management and regulatory compliance initiatives. SIM supports the monitoring and incident management activities of the IT security organization […]. SEM improves security incident response capabilities. SEM processes near-real-time data from security devices, network devices and systems to provide real-time event management for security operations. […]"
SIM and SEM describe the infrastructure for realising superordinate security aims, not a strategic management system from which aims, measures, revisions and actions are derived. SLM unites the steps needed to realise a measurable, functioning IT security structure in a management control cycle.
SLM can be categorised under IT governance, which, via suitable organisational structures and processes, ensures that IT supports corporate strategy and objectives. SLM allows CSOs, CIOs and CISOs to demonstrate that IT security adequately protects the electronic data relevant to business processes, and therefore contributes in part to IT governance.
The Steps towards SLM
Defining the Security Level (Plan): Each company specifies security policies. The executive management defines aims in relation to the integrity, confidentiality, availability and authenticity of classified data. In order to be able to verify compliance with these specifications, concrete aims for the individual security systems at the company need to be derived from the abstract security policies. A security level consists of a collection of measurable limiting and threshold values.
Example: operative aims like "the anti-virus systems at our UK sites need to be up-to-date no longer than four hours after publication of the current definition" need to be derived from superordinate security policies like "our employees should be able to work without being interrupted."
Limiting and threshold values are to be specified separately and individually for different sites, locations and countries, because the IT infrastructure on-site and any other local determining factors need to be taken into consideration.
Example: office buildings in the UK are normally equipped with high-speed dedicated lines, so it is wholly realistic there to limit the deadline for supplying all computers with the newest anti-virus definitions to a few hours. For a factory in Asia with a slow modem link to the web, a realistic limit would have to be set somewhat higher.
The IT control framework Control Objectives for Information and Related Technology (COBIT) provides companies with instructions on transposing superordinate, abstract aims into measurable aims in a few steps.
Collecting and Analysing Data (Do): Information on the current status of the systems can be gleaned from the log files and status reports provided by the individual anti-virus, anti-spyware or anti-spam consoles. Monitoring and reporting solutions that analyse the software of all vendors in use can simplify and accelerate data collection.
Checking the Security Level (Check): SLM prescribes continual reconciliation of the defined security level with the current measured values. Automated real-time reconciliation supplies companies with a permanent status report on the security status across all locations.
Adjusting the Security Structure (Act): Efficient SLM allows trend analyses and long-term comparative assessments to be made. Through continuous observation of the security level, weak spots in the network can be identified early and appropriate adjustments made proactively in the security systems.
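The Check step of the procedure above, implemented over a constructed anti-virus status export, as an added example that is not part of the original article. It assumes, following the article's anti-virus example, that the security level is a maximum definition age per site, that the anti-virus console exports one line per host ("timestamp host site definition_version"), and that definition publication times are known from a vendor feed. All site names, host names, version numbers, timestamps and the report format are constructed for the example.

```python
"""Reconciling a defined security level with measured values (SLM 'Check').

Added example, not from the original article. Assumed: the security level is a
maximum definition age per site; the AV console exports one line per host
("timestamp host site definition_version"); definition publication times come
from a vendor feed. All names, versions and timestamps are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Plan: the security level as site-specific limits (the article's UK office
# versus Asian factory distinction). Hypothetical site names.
SECURITY_LEVEL = {
    "uk-london": timedelta(hours=4),
    "uk-leeds": timedelta(hours=4),
    "asia-factory": timedelta(hours=24),
}

# Constructed vendor feed: definition version -> publication time (UTC).
DEFINITION_RELEASES = {
    "20230430.002": datetime(2023, 4, 30, 6, 0, tzinfo=timezone.utc),
    "20230501.003": datetime(2023, 5, 1, 6, 0, tzinfo=timezone.utc),
    "20230502.001": datetime(2023, 5, 2, 6, 0, tzinfo=timezone.utc),
}

# Constructed status export from the AV management console (Do step).
STATUS_REPORT = """\
# timestamp            host         site          definition
2023-05-02T11:30:00Z   ldn-ws-001   uk-london     20230502.001
2023-05-02T11:30:00Z   ldn-ws-002   uk-london     20230501.003
2023-05-02T11:30:00Z   lds-ws-010   uk-leeds      20230502.001
2023-05-02T11:30:00Z   lds-ws-011   uk-leeds      20230503.000
2023-05-02T11:30:00Z   asia-plc-01  asia-factory  20230501.003
2023-05-02T11:30:00Z   asia-ws-02   asia-factory  20230502.001
2023-05-02T11:30:00Z   asia-ws-03   asia-factory  20230430.002
2023-05-02T11:30:00Z   fra-ws-001   de-frankfurt  20230502.001
"""
CHECK_TIME = datetime(2023, 5, 2, 11, 30, tzinfo=timezone.utc)


@dataclass
class HostStatus:
    seen_at: datetime
    host: str
    site: str
    definition: str


@dataclass
class SiteResult:
    hosts: int = 0
    violations: list = field(default_factory=list)  # (host, reason)

    @property
    def compliance(self) -> float:
        """Share of hosts within the site's limit (1.0 for an empty site)."""
        return (self.hosts - len(self.violations)) / self.hosts if self.hosts else 1.0


def parse_status_report(text: str) -> list:
    """Parse the console export; blank lines and '#' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, site, definition = line.split()
        seen_at = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        records.append(HostStatus(seen_at, host, site, definition))
    return records


def definition_lag(version: str, releases: dict, now: datetime):
    """How long a host on `version` has been behind: time since the first
    release newer than its own was published. None if it is current.
    Raises KeyError for a version the vendor feed does not know."""
    own = releases[version]
    newer = [t for t in releases.values() if own < t <= now]
    return now - min(newer) if newer else None


def check_security_level(report_text: str, releases: dict, level: dict, now: datetime):
    """Reconcile measured values with the defined level, per site."""
    results, unconfigured = {}, set()
    for rec in parse_status_report(report_text):
        if rec.site not in level:
            unconfigured.add(rec.site)  # no limit defined: cannot be checked
            continue
        res = results.setdefault(rec.site, SiteResult())
        res.hosts += 1
        try:
            lag = definition_lag(rec.definition, releases, now)
        except KeyError:
            # Fail closed: a version the feed does not know cannot be proven current.
            res.violations.append((rec.host, f"unknown definition {rec.definition}"))
            continue
        if lag is not None and lag > level[rec.site]:
            hours = lag.total_seconds() / 3600
            res.violations.append((rec.host, f"{hours:.1f}h behind, limit {level[rec.site]}"))
    return results, sorted(unconfigured)


if __name__ == "__main__":
    results, unconfigured = check_security_level(
        STATUS_REPORT, DEFINITION_RELEASES, SECURITY_LEVEL, CHECK_TIME)
    for site, res in sorted(results.items()):
        print(f"{site}: {res.compliance:.0%} of {res.hosts} hosts within limit")
        for host, reason in res.violations:
            print(f"  deviation {host}: {reason}")
    if unconfigured:
        print("no security level defined for:", ", ".join(unconfigured))
```

Two design points worth noting: a host's lag is measured from the publication of the first definition newer than its own, not from the latest release, so a host several versions behind is not credited with the lag of only the most recent one; and a site without a defined limit, or a host reporting a version the vendor feed does not know, is surfaced rather than silently counted as compliant, since the Check step can only reconcile against limits and reference values that actually exist.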
See also
ISO/IEC 27001:2005: besides defining the specifications for engineering, introducing, operating, monitoring, maintaining and improving a documented information security management system, ISO/IEC 27001:2005 also defines the specifications for implementing suitable security mechanisms.
IT Infrastructure Library (ITIL): a collection of best practices for IT control processes, ITIL goes far beyond IT security. In relation to IT security, it supplies criteria for how security officers can conceive IT security as an independent, qualitatively measurable service and integrate it into the universe of business-process-oriented IT processes. ITIL also works from the top down with policies, processes, procedures and job-related instructions, and assumes that superordinate as well as operative aims need to be planned, implemented, controlled, evaluated and adjusted.
External links
- COBIT: summary and material from the German Chapter of ISACA (German)
- COBIT 4.0 (German, PDF)