
EDO4SIEM – A PROCEDURE MODEL FOR THE IMPLEMENTATION OF SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS IN ORGANISATIONS

Journal: IADIS INTERNATIONAL JOURNAL ON COMPUTER SCIENCE AND INFORMATION SYSTEMS (Vol.19, No. 1)


Page : 31-47


Abstract

The topic of cybersecurity is becoming increasingly important as the number of cyberattacks continues to grow; it is no longer just a matter of protecting against cyberattacks, but rather of detecting them at an early stage and responding accordingly. Detecting cyberattacks in organisations is an increasingly difficult task, since the ability of malware to hide from anti-virus systems has massively improved. Therefore, more sophisticated security measures are required to protect complex information systems from cyberthreats. One of the state-of-the-art solutions is a 'Security Information and Event Management' (SIEM) system, which collects all security-related information and events in a central location. Thus, it is possible to correlate and better analyse security-related events, and to detect and defend against sophisticated threats. The deployment of a SIEM system (SIEMS) is a process in which all devices in the network need to be registered and integrated. There is no generic model for the evaluation, deployment, and operation of a sufficient SIEMS that can be applied independently of the dedicated vendor. Usually, vendors provide deployment guides for their SIEMS; however, these are product-specific and not scientifically evaluated. Applying Design Science as the methodological approach, the goal of this research was to develop and scientifically validate a generic model called 'EDO4SIEM' for the vendor-neutral evaluation, deployment, and operation of a SIEMS in organisations. In future research, the model should be applied in various organisations to confirm its applicability and to further develop it.

Last modified: 2024-11-27 00:41:32