Security information management is the practice of using software to collect security-relevant data, chiefly logs, from the computers and devices on a network. The intent is to bring all of that data into a single place, where it can be searched, correlated, and examined for trends. This lets security administrators detect anomalous events on the network that might indicate a breach. Equally, security information management can be used simply to confirm that everything on the network is behaving as expected.
Event logs are the most common form of security data collected during security information management. An event log is a file in which the operating system or an application records notable occurrences on that system; in security terms, this might include who logged in to the network on a particular date, the account each person used, and how long each session lasted. During security information management, the event logs from the various computers on the network are gathered in one place by the security software. A technician then pores over the data, looking for trends or unusual occurrences that might indicate a problem. Viewing the logs side by side often reveals patterns that would stay hidden in any single log, since each computer only records its own slice of the activity.
For example, examining every log on the network together might reveal that the same account is logged in to two different computers at the same time. If the network is configured to disallow concurrent sessions, this shows that the control is either malfunctioning or has been disabled through malicious tampering. One check worth making before acting on such a finding is that the clocks of the computers involved are synchronized, since an overlap between sessions is only meaningful if their timestamps can be compared. Without gathering the logs together for security information management, this problem might never come to light, because each computer's own log shows nothing more than a single, legitimate-looking session.
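The concurrent-session check described above, written out as an added example (not code from the original article): it merges logon and logoff lines from several hosts, sorts them by time, and reports any logon that overlaps a still-open session of the same user on a different host. The log format, host names, user names, and timestamps are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample log lines for illustration (not real data). Each line is
# one event already normalised to a single format by the collector. Note that
# looked at per host, ws-01 and fs-01 each show one ordinary session for alice.
SAMPLE_LOGS = """\
2024-03-04T08:02:11 host=ws-01 user=alice event=logon
2024-03-04T08:03:40 host=ws-02 user=bob event=logon
2024-03-04T08:10:05 host=fs-01 user=alice event=logon
2024-03-04T08:15:22 host=ws-02 user=bob event=logoff
2024-03-04T08:20:00 host=ws-02 user=bob event=logon
2024-03-04T08:31:17 host=ws-01 user=alice event=logoff
2024-03-04T08:45:00 host=fs-01 user=alice event=logoff
2024-03-04T09:00:00 host=ws-02 user=bob event=logoff
"""

# Hypothetical line format assumed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) event=(?P<event>logon|logoff)$"
)


def parse_logs(text):
    """Parse collected log lines into dicts, sorted by timestamp.

    Sorting matters: once logs from several hosts are merged, the lines
    arrive interleaved and nothing guarantees they are in time order.
    Lines that do not match the expected format are skipped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def find_concurrent_sessions(events):
    """Return one finding per logon that overlaps an open session of the
    same user on a different host.

    open_sessions maps user -> {host: logon time}. A repeated logon on the
    same host just refreshes its start time (not a finding), and a logoff
    with no matching logon is ignored rather than treated as an error.
    """
    open_sessions = {}
    findings = []
    for ev in events:
        user, host = ev["user"], ev["host"]
        sessions = open_sessions.setdefault(user, {})
        if ev["event"] == "logon":
            for other_host, started in sessions.items():
                if other_host != host:
                    findings.append({
                        "user": user,
                        "existing_host": other_host,
                        "existing_since": started,
                        "new_host": host,
                        "at": ev["ts"],
                    })
            sessions[host] = ev["ts"]
        else:  # logoff
            sessions.pop(host, None)
    return findings


if __name__ == "__main__":
    for f in find_concurrent_sessions(parse_logs(SAMPLE_LOGS)):
        print(f"{f['user']}: logged on to {f['existing_host']} since "
              f"{f['existing_since']:%H:%M:%S}, also logged on to "
              f"{f['new_host']} at {f['at']:%H:%M:%S}")
```

Run against the sample, the check reports only alice: her fs-01 logon at 08:10:05 arrives while her ws-01 session from 08:02:11 is still open. Bob logs off ws-02 before logging on again, so his two sessions do not overlap. The comparison depends entirely on the hosts' timestamps being comparable, which is why clock synchronization across collected sources is a precondition for this kind of correlation.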
The skill of the technician reviewing the logs is crucial to the effectiveness of security information management. Without someone trained in, and experienced with, what is normal for the particular network, many of these seemingly innocent issues will go unnoticed. The effectiveness of security information management therefore rests less on the software than on the competence of the person tasked with reviewing the data and deciding which patterns are worth acting on.