Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Viewpoint: Correlate SIMs and log management

Thumbs Up
I wanted to extend a hearty well done and congratulations to your staff for the awesome work you did on the July/August issue of Information Security magazine (CISO Survival Guide). Each page of the issue had something useful and meaningful to me as a CISO and security professional. Also, I really liked the use of colors and layout--for some reason the yellow really was an appeal to the many pages.

Very well done; my compliments.

Ernie Hayden, CISO, Manager Enterprise Information Security, Port of Seattle

Correlating SIMs and Log Management
I read with great interest your recent article ("Providing Clarity," June 2007) that focused on security information management (SIM) tools.

The article touched very briefly on "the fine line" between log management tools and SIM. From my experience working with customers, best practices in log management play a key role in successful security and compliance initiatives. Therefore, I would suggest that any organization currently researching SIM tools would benefit from looking into this correlation.

SIM and log management tools are intrinsically linked: If we think of the general phases of data analysis as acquisition, examination, utilization and review, then log management corresponds to the automated parts of acquisition and examination, and SIM functionality would then represent the "contextual" parts of examination, utilization and review. In order to get that value (analysis) out of your raw information and all of your data, you have to be able to capture and manage it first. Log management capabilities form the foundation for the event analytics that eventually support the success of security and compliance initiatives.

Additionally, since security and compliance log event data has emerged as a critical type of information, it is imperative that organizations effectively manage it. To do this correctly, businesses must actively consider the management of security/ compliance event log data over the complete security information lifecycle, from the time the event record is generated through the time it is no longer needed for compliance or audit purposes. Only then will they have an effective security information management solution.

Andy Smith, Director Product Management, Information and Event Management Group, RSA, The Security Division of EMC

Educational Omission
After reviewing your list of schools in the "Survival 101" article (July/August 2007), I noticed you did not include Capella University in the list.

Capella University is also an NSA Center of Academic Excellence. I only mention this because they deserve to be listed right along with the other schools you mention. If you're going to mention educational opportunities for people to pursue, please show them the entire field to choose from.

Brock Frary, Senior Information Security Analyst, Fifth Third Bank

Mac-Daddy Encryption
Neil Roiter's article ("Hard Core," July/August) talks about laptop encryption, mentioning several software companies' products and eventually disk encryption embedded on the hard drive itself. Yet in the picture, we see a PowerBook laptop by Apple that has done encryption since the release of OS X 10.3 (Panther, released October 2003), and not a word of it in the text.

OS X can encrypt home folders and can create encrypted containers more easily than most software; also it is native to the operating system.

For a business executive it is a no-brainer to encrypt data. I see this as a major omission in the article.

Philippe Bastien, IT Security Senior Analyst, Okiok

Julia Allen was incorrectly identified in the article "Stormy Weather" in the July/August issue of Information Security.


Contact Us
Send your comments to
[email protected].
We reserve the right to edit letters for clarity and space.


Dig Deeper on Data privacy issues and compliance