Guy Golan


Getting buy-in to SIEM projects requires a business plan with clear alignment to business strategy and measurable ROIs, delegates heard at the Performanta IT Security Forum in Johannesburg.

The executive forum took an in-depth look at Security Incident and Event Management (SIEM), the challenges in securing business buy-in to SIEM projects, and the way in which they should be rolled out.

In an on-the-spot poll carried out during the forum, 33% of delegates indicated that their businesses and boards of directors were the main beneficiaries of their SIEM implementations, while 34% said the main beneficiaries were the and CIRT response team, 24% said they were the risk and compliance team and 9% said they were the technical management team.

Shamalan Soobiah

Shamalan Soobiah, former CIO and member of the panel of IT experts at the forum, said he believed this figure was aspirational. “This is where we want to be, with the board seeing itself as the main beneficiary of projects,” he said. However, Soobiah and the other expert panellists did not believe that South African businesses had reached this point yet.

Planning and rolling out SIEM projects and securing management buy-in were a primary focus of the forum. Panellist , chief technology officer, SA, noted that SIEM business plans had a greater chance of success if they were closely aligned to business strategy. “Business listens to the new style practitioner who understands strategy,” he advised.

Asked for the most important reasons for choosing technologies for their SIEM projects, delegates voted:
· 38% requirements and integration into the existing landscape is well-defined
· 17% having internal skills to implement and run the technology
· 14% cost effective technology
· 11% a local partner that can deliver
· 5% technology is in top right of the quadrant
· 7% ease of use
· 8% ease of deployment

The panellists commented that fit for purpose and cost containment should be key considerations when selecting technologies. Hettie Booysen, head: operational risk, IT Risk at , noted: “What is most important is if it solves your problem – not where the solution is ranked.”

The delegates were also polled on the amount of planning they did for SIEM projects. They responded:
· 38% leave 20% unplanned for unknown factors
· 37% plan fully
· 18% have a 50-50 plan
· 7% what plan?

Vernon Fryer

Panellist Lynette Botha, senior manager Information Security and compliance at , commented that most projects had a level of ‘scope creep’ and that technologies and the environment could change rapidly, impacting on the original plan.

Performanta Group CEO says he believes management and board levels of enterprises are beginning to take information more seriously, which would help close the long-standing disconnect between information and business management. The Performanta executive forum, he said, aimed to help IT specialists to bridge the divide and better align their projects with business strategy.