An Adaptable Approach for Successful SIEM Adoption in Companies

TL;DR

This paper develops a generic, adaptable procedure model for implementing SIEM systems in companies, aiming to improve early attack detection and response, validated through application in a corporate setting.

Contribution

It introduces a holistic, academic-based methodology for SIEM implementation that is independent of specific products or vendors.

Findings

The procedure model was validated as applicable in a corporate context.

The model supports early detection and response to cyberattacks.

Future work includes applying the model across diverse enterprises.

Abstract

In corporations around the world, the topic of cybersecurity and information security is becoming increasingly important as the number of cyberattacks on themselves continues to grow. Nowadays, it is no longer just a matter of protecting against cyberattacks, but rather of detecting such attacks at an early stage and responding accordingly. There is currently no generic methodological approach for the implementation of Security Information and Event Management (SIEM) systems that takes academic aspects into account and can be applied independently of the product or developers of the systems. Applying Hevner's design science research approach, the goal of this paper is to develop a holistic procedure model for implementing respective SIEM systems in corporations. According to the study during the validation phase, the procedure model was verified to be applicable. As desire for future research, the procedure model should be applied in various implementation projects in different enterprises to analyze its applicability and completeness.