Wednesday, 16 October 2013 07:10
Written by Tracy Burrows
Getting buy-in to SIEM projects requires a business plan with clear alignment to business strategy and measurable ROIs, delegates heard at the Performanta IT Security Forum in Johannesburg.
The executive forum took an in-depth look at Security Incident and Event Management (SIEM), the challenges in securing business buy-in to SIEM projects, and the way in which they should be rolled out.
In an on-the-spot poll carried out during the forum, 33% of delegates indicated that their businesses and boards of directors were the main beneficiaries of their SIEM implementations, while 34% said the main beneficiaries were the security and CIRT response team, 24% said they were the risk and compliance team and 9% said they were the technical management team.
Shamalan Soobiah, former Standard Bank CIO and member of the panel of IT security experts at the forum, said he believed this figure was aspirational. “This is where we want to be, with the board seeing itself as the main beneficiary of security projects,” he said. However, Soobiah and the other expert panellists did not believe that South African businesses had reached this point yet.
Planning and rolling out SIEM projects and securing management buy-in were a primary focus of the forum. Panellist Vernon Fryer, chief technology security officer, Vodacom SA, noted that SIEM business plans had a greater chance of success if they were closely aligned to business strategy. “Business listens to the new style security practitioner who understands strategy,” he advised.
On the question of the most important reasons for their choosing technologies for their SIEM projects, delegates voted:
· 38% requirements and integration into the existing landscape is well-defined
· 17% having internal skills to implement and run the technology
· 14% cost effective technology
· 11% a local partner that can deliver
· 5% technology is in top right of the Gartner quadrant
· 7% ease of use
· 8% ease of deployment
The panellists commented that fit for purpose and cost containment should be key considerations when selecting technologies. Hettie Booysen, head: operational risk, IT Risk at Standard Bank, noted: “What is most important is if it solves your problem – not where the solution is ranked.”
The delegates were also polled on the amount of planning they did for SIEM projects. They responded:
· 38% leave 20% unplanned for unknown factors
· 37% plan fully
· 18% have a 50-50 plan
· 7% what plan?
Panellist Lynette Botha, senior manager Information Security and compliance at MTN, commented that most projects had a level of ‘scope creep’ and that technologies and the environment could change rapidly, impacting on the original plan.
Performanta Group CEO Guy Golan says he believes management and board levels of enterprises are beginning to take information security more seriously, which would help close the long-standing disconnect between information security and business management. The Performanta executive forum, he said, aimed to help IT security specialists to bridge the divide and better align their projects with business strategy.