Project Plan for think of SIEM

1. SIEM - Design and Integration Services
Expertise in delivery from start to finish - that is Company to our clients, and it is what we
bring to every SIEM engagement. Leveraging a phased approach, we systematically guide
you through the requisite stages of solution deployment. We collaborate with each client
to design a plan geared around your specific needs.
Typical SIEM Project Phases appear below.
Phase 1 – Assessment & Requirements Gathering
In Phase 1, COMPANY will perform a detailed assessment of the client’s environment to
inventory the existing security architecture and identify the basic requirements of the
SIEM. These requirements provide the essential building blocks of a well-operating real-
time security monitoring solution. COMPANY and the client, including team members
from Information Security, IT Risk, and others to be identified, will jointly review the
requirements and validate that all of the client’s needs and requirements are addressed.
Work during Phase 1 – Assessment & Requirements Gathering includes the following
tasks:
1. Understand the current enterprise security architecture and its critical
components; determine where standards exist for ESA configuration and where
consolidation is required.
2. Understand the current tools and procedures used to determine potential risk and
procedures used to confirm regulatory compliance.
3. Identify the business objectives to be met by the development and
implementation of a SIEM.
4. Identify the business-critical resources to be monitored by the SIEM.
5. Manage Vendor Selection and/or RFP Process
Phase 2 – System Design
During Phase 2, COMPANY will convert all gathered SIEM requirements to client-specific
Use Cases, and author a detailed technical design of the planned SIEM deployment.
Work during Phase 2 – System Design includes the following tasks:
1. Conversion of SIEM Business Requirements to Level 1 Conceptual Use Cases
2. Creation of Level 2 Technical Use Cases to support Level 1 Conceptual Use Cases
3. Creation of logical and physical SIEM architecture designs
4. Creation of SIEM integration project plan
Phase 3 – Integration Services
During Phase 3, COMPANY will implement an enterprise, Security Information & Event
Management system in both Development and Production environments, based on the

2. approved design from above.
Core SIEM Capabilities will include:
A real-time, centralized correlation and monitoring system for the entirety of the
•
client’s network security infrastructure
The ability to perform notification of and respond to harmful security events,
•
weighted by IT Asset Criticality
The ability to share information security event data with all relevant business units
•
The ability to generate security event data for forensic purposes to help in
•
investigations.
COMPANY Expertise – Business-Oriented SIEM Applications:
While core SIEM capabilities are the foundation of any successful SIEM deployment, it is
the application of those capabilities towards business-oriented applications that yield the
highest ROI for our clients. COMPANY specializes in building SIEM solutions designed to
integrate information security with business transaction data to reduce risk while also
enhancing the client’s financial bottom-line.
User Activity Monitoring - The ability to track privileged user access to sensitive
•
data
Intellectual Property Monitoring / Protection – The ability to alert on potential
•
mis-use or distribution of client-proprietary or sensitive data
Compliance Monitoring – The ability to alert on potential compliance violations by
•
integrating IT Asset data with real-time security monitoring
Loss Prevention Monitoring – The ability to identify and alert upon potentially
•
fraudulent and / or money-laundering activity and intercept fraudulent trades
before confirmation.
Work during Phase 3 – Integration Services includes the following tasks:
1. Configure & Install Development Environment
2. Implement Level 2 Use Cases and Interface Component
3. Test and Document System Configuration
4. Roll-out SIEM from Development to Production Environment
5. Knowledge Transfer and Training
Phase 4 – SIEM Co-Sourcing Services
With years of experience designing and building SIEM solutions for our clients, COMPANY
also offers long-term support for each solution we build. Through our SIEM Co-Sourcing
Services, we provide a variety of 24x7 monitoring and management services to ensure
long-term health of your SIEM Solution.