This is an automated archive.
The original was posted on /r/cybersecurity by /u/SecuritySpook on 2023-08-29 13:33:40+00:00.
Hey Guys
I’m currently finalising things on my master’s thesis. This thesis is basically based on giving a survey to security analysts and asking them how efficient they find their SIEM to be, based on the questions given in the survey.
The questions in the survey were acquired from criteria in various literature papers, which had criteria to understand if a SIEM was capable enough to be used in an organisation. One criterion I discovered was “user data protection”. Now, the particular author that made this did not go in-depth into what exactly “user data protection” would mean in SIEMs, as from my understanding SIEMs collect logs from various network components to alert its user based on suspicious activity. The only questions I could make from this were:
- Does your organisation’s SIEM utilise end-to-end encryption?
- Does your SIEM system support role-based access controls to define who can see and manipulate user data?
I’m not really confident if these questions best represent that criterion, and since I don’t have much experience with SIEM environments, I don’t want to look silly in front of professional security analysts asking the wrong questions.
PS: If you want to see my survey fully, please DM me to view it. Participation is strictly up to you.