Examining the Return on Investment of a Security Information and Event Management Solution in a Notional Department of Defense Network Environment

Abstract

Sophisticated cyber threats represent a significant adversary in the evolving world of the cyber domain. Furthermore, determining whether or not an attack has taken place and the extent of the damage caused requires significant resources. In order to guarantee reliable detection, prevention and mitigation of these advanced threats, the Department of Defense (DoD) must invest in advanced information security technologies that increase the defensive capabilities of its information networks. This thesis focuses on Security Information and Event Management (SIEM) systems as an enabling technology that possesses the advanced security capabilities required to address sophisticated, evolving cyber threats. The research explores the capabilities of this technology in terms of the speed of detection, depth of investigative power, and additional value provided. Additionally, this research attempts to quantify the return on investment that a SIEM solution could provide when deployed in a notional DoD network architecture. Ultimately, the research provided in this thesis endeavors to justify DoD investment in SIEM technology. The focus of this research revolves around a qualitative description of the inherent capabilities of SIEM products and utilizes several Return on Security Investment models in an attempt to quantitatively define the value of these capabilities in a DoD network.

Document Details

Document Type

Technical Report

Publication Date

Jun 01, 2013

Accession Number

ADA583794

Entities

Tags