SIEM buy-in in the spotlight
Getting buy-in to SIEM projects requires a business plan with clear alignment to business strategy and measurable ROI, delegates at the Performanta IT Security Forum in Johannesburg yesterday heard.
The executive forum, attended by over 100 local CIOs, CISOs and IT security professionals, took an in-depth look at Security Incident and Event Management (SIEM); the challenges in securing business buy-in to SIEM projects; and the way in which they should be rolled out.
In an on-the-spot poll carried out during the forum, 33% of delegates indicated that their businesses and boards of directors were the main beneficiaries of their SEIM implementations, while 34% said the main beneficiaries were the security and CIRT response team. A further 24% said they were the risk and compliance team benefited and 9% said the technical management team.
Shamalan Soobiah, former Standard Bank CIO and member of the panel of IT security experts at the forum, said he believed this figure was aspirational. "This is where we want to be, with the board seeing itself as the main beneficiary of security projects," he said. However, Soobiah and the other expert panellists did not believe that South African businesses had reached this point yet.
Planning and rolling out SIEM projects and securing management buy-in were a primary focus of the forum. Panellist Vernon Fryer, chief technology security officer at Vodacom SA, noted that SIEM business plans had a greater chance of success if they were closely aligned to business strategy. "Business listens to the new style security practitioner who understands strategy," he advised.
On the question of the most important reasons for their choosing technologies for their SIEM projects, 38% of the delegates voted that requirements and integration into the existing landscape is well-defined, 17% said they had the internal skills to implement and run the technology.
The cost-effective technology, a local partner that can deliver, while ease of use and ease of deployment were also cited.
The panellists commented that fit for purpose and cost containment should be key considerations when selecting technologies. "What is most important is if it solves your problem - not where the solution is ranked," Hettie Booysen, the head of operational risk, IT Risk at Standard Bank, noted.
Panellist Lynette Botha, senior manager for information security and compliance at MTN, commented that most projects had a level of 'scope creep' and that technologies and the environment could change rapidly, impacting on the original plan.
Performanta Group CEO Guy Golan believes management and board levels of enterprises are beginning to take information security more seriously, which would help close the long-standing disconnect between information security and business management. The Performanta executive forum, he said, aimed to help IT security specialists to bridge the divide and better align their projects with business strategy.