Security Level Management

Security Level Management (SLM) is a quality assurance system for electronic information security. SLM aims to present the IT security status transparently across the company at any time and to make IT security a measurable quantity. Transparency and measurability are prerequisites for monitoring IT security proactively and improving it continually.

SLM is based on the phases of the Deming cycle, also known as the Plan-Do-Check-Act (PDCA) cycle: within an SLM, a company's abstract security policies or IT compliance policies are translated into operational, measurable targets for the IT security infrastructure. The operational targets form the security level to be achieved. The security level is continuously checked against the current performance of the protection systems (malware scanners, patch systems, etc.). Deviations can be detected early and adjustments made to the protection systems.

SLM falls within the remit of the Chief Security Officer (CSO), the Chief Information Officer (CIO) or the Chief Information Security Officer (CISO), who report directly to senior management on IT security and data availability.

Classification

SLM is related to the disciplines of Security Information Management (SIM) and Security Event Management (SEM), which Gartner summarizes in its "Magic Quadrant for Security Information and Event Management" and defines as follows: "[...] SIM provides reporting and analysis of data primarily from host systems and applications, and secondarily from security devices - to support security policy compliance management, internal threat management and regulatory compliance initiatives. SIM supports the monitoring and incident management activities of the IT security organization [...]. SEM improves security incident response capabilities. SEM processes near-real-time data from security devices, network devices and systems to provide real-time event management for security operations. [...]"

SIM and SEM relate to the infrastructure for implementing higher-level security goals, but do not describe a strategic management system with objectives, measures, reviews and actions derived from them. The main function of such systems is to support IT operations in the search for anomalies in the network, which are reported through evaluations and comparisons of log data.

SLM can be classified under the strategic umbrella of IT governance, which ensures, through appropriate organizational structures and processes, that IT supports the business strategy and objectives. With SLM, CSOs, CISOs and CIOs can demonstrate that they ensure adequate protection of process-relevant electronic data and thus play their part in IT governance.

Steps to Security Level Management

Define the security level (Plan): Every company lays down security policies. Management defines objectives regarding the integrity, confidentiality, availability and commitment of classified data. To check compliance with these specifications, concrete objectives for the individual security systems in the company must be derived from the abstract security policies. A security level consists of a collection of measurable limit and threshold values. Example: From higher-level security policies such as "Our employees should be able to work without interruption", operational goals such as "Anti-virus systems at our German sites must be up to date within four hours of the release of the latest signature" have to be derived.

Limit and threshold values are set separately for different locations and countries, because the on-site IT infrastructure and other local conditions need to be taken into account. Example: Office buildings in the German-speaking region are typically equipped with fast dedicated lines. Here it is quite realistic to limit the period for supplying all computers with the latest anti-virus signatures to a few hours. For a plant in Asia with a slow modem connection to the Internet, a realistic limit has to be set somewhat higher.

The IT control guide "Control Objectives for Information and Related Technology" (CobiT) gives companies guidance on how higher-level, abstract goals are translated into measurable goals in several steps.

Collect and analyze data (Do): Information on the current status of the systems can be obtained from the log data and status reports of the various anti-virus, anti-spyware or anti-spam consoles. Vendor-independent monitoring and reporting solutions can simplify and speed up data collection.

Check the security level (Check): SLM provides for a continuous comparison of the defined security level with the actual measured values. Automated real-time reconciliation gives companies a permanently up-to-date status report on the security situation across sites.

Adjust the protection structure (Act): An efficient SLM enables trend analyses and long-term comparative evaluations. By continually monitoring the security level, vulnerabilities in the network can be identified early and appropriate adjustments made proactively to the protection systems.
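
The Plan and Check steps above can be illustrated with a short Python sketch. It is an added example, not part of the original article or of any SLM product: the site names, the 24-hour limit for the plant, the 95 % compliance share and all status reports are constructed assumptions; only the four-hour limit for German sites comes from the text.

```python
from datetime import datetime, timedelta

# Security level = measurable limits per site. The 4 h limit is the page's
# example; the 24 h plant limit and the 95 % share are assumed values.
SECURITY_LEVEL = {
    "de-office": {"max_signature_lag_h": 4, "min_compliant_share": 0.95},
    "asia-plant": {"max_signature_lag_h": 24, "min_compliant_share": 0.95},
}

RELEASE = datetime(2024, 3, 1, 8, 0)   # constructed signature release time
NOW = RELEASE + timedelta(hours=30)    # constructed time of the check

# Constructed console status reports: (site, host, signature install time).
# None means the host has not yet reported the new signature.
REPORTS = [
    ("de-office", "pc-01", RELEASE + timedelta(hours=1)),
    ("de-office", "pc-02", RELEASE + timedelta(hours=3)),
    ("de-office", "pc-03", RELEASE + timedelta(hours=6)),
    ("de-office", "pc-04", None),
    ("asia-plant", "ws-01", RELEASE + timedelta(hours=10)),
    ("asia-plant", "ws-02", RELEASE + timedelta(hours=20)),
]


def check_security_level(reports, level, release, now):
    """Check step: compare the measured signature lag with each site's limits."""
    result = {}
    for site, limits in level.items():
        hosts = [(host, t) for s, host, t in reports if s == site]
        limit = timedelta(hours=limits["max_signature_lag_h"])
        # A host without the signature is only late once the limit has passed.
        late = sorted(h for h, t in hosts if (t or now) - release > limit)
        share = (len(hosts) - len(late)) / len(hosts) if hosts else 0.0
        result[site] = {
            "compliant_share": round(share, 2),
            "deviating_hosts": late,
            # A site that delivers no data cannot demonstrate its level.
            "level_met": bool(hosts) and share >= limits["min_compliant_share"],
        }
    return result


if __name__ == "__main__":
    for site, status in check_security_level(REPORTS, SECURITY_LEVEL, RELEASE, NOW).items():
        print(site, status)
```

The deviating hosts listed per site are the input for the Act step; the plant's two hosts would both count as late under the four-hour limit, which is why limits are set per location.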
