Security information management
SIM products generally are software agents running on the computer systems that are to be monitored, which then send the log information to a centralized server acting as a "security console". The console typically displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters, to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident.
The data that is sent to the server to be correlated and analyzed, are normalized by the software agents into a common form, usually XML. Those data are then aggregated, in order to reduce their overall size.
The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' by using data collection techniques. The term commonly used to represent an entire security infrastructure that protects an environment is commonly called information security management (InfoSec).
Security information management is also referred to as log management and is different from SEM (security event management), but makes up a portion of a SIEM (security information and event management) solution.
- J.L. Bayuk (2007). Stepping Through the InfoSec Program. ISACA. p. 97.
- John Wylder (2004). Strategic Information Security. CRC Press. p. 172. ISBN 9780849320415.
- Cyrus Peikari and Anton Chuvakin (2004). Security Warrior. O'Reilly. pp. 421–422. ISBN 9780596552398. Retrieved 17 January 2014.
- http://securityinformationeventmanagement.com/ Understanding SIEM
- http://www.siem.su/ SIEM Analytics