A Gradual Approach to SIEM Implementation in ICS/SCADA Systems
Added on 2023/04/21
Report
AI Summary
This report outlines a strategy for implementing Security Information and Event Management (SIEM) within Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. It advocates for a gradual, step-by-step approach, beginning with a thorough discovery and planning phase to assess organizational goals, security policies, and existing weaknesses. The report then details a pilot phase to test SIEM in a smaller subset of technologies, followed by a controlled deployment phase to build capacity and refine workflows. Emphasizing continuous development, the report highlights the need for ongoing improvement and adaptation to evolving cyber threats. The ultimate goal is to enhance operations and maintain economic balance within the company by proactively addressing security vulnerabilities and ensuring robust protection against malicious attacks. The report references several academic sources to support its recommendations.

Running head: SIEM IMPLEMENTATION
SIEM Implementation
Name of the Student
Name of the University
Author Note
SIEM Implementation
The best way to implement SIEM within an ICS/SCADA system is a gradual approach: first
understand the current system, then implement the strategy step by step on the basis of that
analysis, fine-tuning all along the way (Vilendečić, Dejanović & Ćurić, 2017). The report
below presents how such a phased SIEM implementation proceeds and what each phase has to
deliver before the next one starts.
Discovery and Planning Phase
In the discovery and planning phase, the entire organisation is reviewed before the SIEM is
implemented. This begins with an analysed list of goals and objectives, ranked by importance
according to the needs of the organisation. The analysis then identifies the critical tasks
that would support the implementation, and these are prioritised accordingly (Michelberger &
Dombora, 2016). The security policies should likewise be reviewed, distinguishing the policies
that matter for the business from the policies that matter for the company's compliance with
rules and best practices. This prepares the way for a small-scale but effective SIEM
implementation whose primary goal is to identify the weaknesses and gaps in control execution,
so that the implementation plan can remedy them. These gaps should be plugged before any
security elements and controls are incorporated into the implementation; otherwise the
alerting and monitoring adds no value, because a SIEM can only correlate the events that
actually reach it.
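As an added illustration of the discovery-phase gap analysis described above (example code written for this page, not part of the original report), the following Python script takes a constructed asset inventory for a hypothetical plant and reports the assets whose logs are not yet forwarded to the SIEM, the assets that cannot emit logs at all and therefore need a compensating log source, the order in which to onboard the remaining feeds under a hypothetical priority ranking, and a representative subset of assets for the pilot. The inventory, zone labels, device classes and priorities are all assumptions.

```python
"""Discovery-phase log-source coverage check for a hypothetical ICS site.
Constructed data: the inventory, zone labels, device classes and priority
ranking below are assumptions made for this example, not real assets."""


# One record per asset: its network zone label, what it is, whether it can
# emit logs (syslog, Windows events, ...) and whether that feed is already
# forwarded to the SIEM.
INVENTORY = [
    {"id": "hmi-01",   "zone": "L2",   "class": "hmi",       "can_log": True,  "forwarded": True},
    {"id": "hmi-02",   "zone": "L2",   "class": "hmi",       "can_log": True,  "forwarded": False},
    {"id": "eng-01",   "zone": "L2",   "class": "eng_ws",    "can_log": True,  "forwarded": False},
    {"id": "hist-01",  "zone": "L3",   "class": "historian", "can_log": True,  "forwarded": True},
    {"id": "plc-01",   "zone": "L1",   "class": "plc",       "can_log": False, "forwarded": False},
    {"id": "plc-02",   "zone": "L1",   "class": "plc",       "can_log": False, "forwarded": False},
    {"id": "fw-dmz",   "zone": "L3.5", "class": "firewall",  "can_log": True,  "forwarded": True},
    {"id": "jump-01",  "zone": "L3.5", "class": "jump_host", "can_log": True,  "forwarded": False},
    {"id": "sw-l2-01", "zone": "L2",   "class": "switch",    "can_log": True,  "forwarded": False},
]

# Assumed ranking of device classes by importance to the organisation's goals
# (higher onboards first); in practice this comes out of the goals review.
PRIORITY = {"firewall": 5, "jump_host": 5, "eng_ws": 4, "hmi": 3,
            "historian": 3, "switch": 2, "plc": 2}


def coverage_gaps(inventory):
    """The two kinds of gap the discovery phase must surface before alerting
    is built on top of the SIEM: feeds that exist but are not forwarded, and
    devices with no native logging that need a compensating source."""
    not_forwarded = sorted(a["id"] for a in inventory
                           if a["can_log"] and not a["forwarded"])
    no_native_logging = sorted(a["id"] for a in inventory if not a["can_log"])
    return {"not_forwarded": not_forwarded, "no_native_logging": no_native_logging}


def onboarding_order(inventory, priority):
    """Loggable-but-unforwarded assets, most important class first."""
    todo = [a for a in inventory if a["can_log"] and not a["forwarded"]]
    todo.sort(key=lambda a: (-priority.get(a["class"], 0), a["id"]))
    return [a["id"] for a in todo]


def pilot_subset(inventory):
    """One loggable asset per (zone, class) pair, preferring one whose feed is
    already forwarded, so the pilot represents every device type and zone
    without waiting on new onboarding."""
    chosen = {}
    for a in sorted(inventory, key=lambda a: (not a["forwarded"], a["id"])):
        if a["can_log"]:
            chosen.setdefault((a["zone"], a["class"]), a["id"])
    return sorted(chosen.values())


def coverage_ratio(inventory):
    """(forwarded, loggable) counts: how much of what could be seen is seen."""
    loggable = [a for a in inventory if a["can_log"]]
    forwarded = [a for a in loggable if a["forwarded"]]
    return len(forwarded), len(loggable)


if __name__ == "__main__":
    gaps = coverage_gaps(INVENTORY)
    print("not forwarded:", gaps["not_forwarded"])
    print("no native logging (needs compensating source):", gaps["no_native_logging"])
    print("onboard in this order:", onboarding_order(INVENTORY, PRIORITY))
    print("pilot subset:", pilot_subset(INVENTORY))
    print("coverage: %d of %d loggable assets forwarded" % coverage_ratio(INVENTORY))
```

The two gap lists are the output that matters for this phase: until every loggable asset is forwarded and every non-logging asset has a compensating source, rules built on the SIEM only see part of the control network, which is the "no value added" situation the text warns about.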
Pilot Phase
The pilot phase has two stages, each with its own set of goals: to demonstrate that the SIEM
returns the investment made in it, and to produce a working model together with a run book.
In this stage the SIEM is run on a smaller subset of technologies that represents almost all
of the devices and policies in the organisation. Once the pilot reaches initial success, the
lessons learned from the data collected during it are applied, and the implementation moves
on to the larger subsets of devices and policies in the organisation, reflecting the
improvements made (Kotenko & Doynikova, 2015). It should always be kept in mind, however,
that the pilot does not constitute the complete rollout. Instead, every assumption made about
the implementation is checked against the analysis of the pilot, and only after the testing
has produced satisfactory results does the implementation have the data and information
needed for the controlled deployment phase across the entire organisation.
Controlled Deployment Phase
The implementation does not have to be completed in one continuous, swift pass. Instead it
can be approached gradually and steadily, first building capacity through this stage, the
controlled deployment phase. This is the phase in which it is easiest to develop the workflow
that carries the implementation forward once the capacity required for the entire organisation
has been built, including the analysis of the testing phase and of the real production
environment (Nazir et al., 2017). The phase does, however, require that all processes and
procedures, operations included, have been clearly chalked out in the preceding phase.
Continuous Development Phase
A successful SIEM implementation and deployment is not a one-time exercise. With every
technological development the business adopts, attackers have become more active in
developing more sophisticated methods of attacking the business systems and networks, so a
continuous improvement process is required to keep the whole process ahead of these malicious
attackers and their plans at all times (Nabil et al., 2017). After the controlled deployment
phase has been completed, the rollout from the previous phase is continued within the
organisation's SIEM (Raja & Vasudevan, 2017). This gives a view of the data generated in the
production phase and shows how everything works in practice. All of the gathered data and
information is needed to fine-tune the implementation and deployment process and to develop
the organisation's security policies and processes further. This means that the
implementation and deployment plan of the SIEM is under constant change and the process never
comes to a stop; it should always be reviewed for further improvement while attacks are
eradicated along the way.
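As an added example of the tuning loop described in this phase (written for this page, not code from the original report or from any SIEM product), the following Python script derives the threshold for a simple "repeated denied connections from one source" rule from a constructed baseline of firewall deny records collected during the pilot, then runs the rule over a constructed production batch. The log format, host names and addresses are assumptions; a hard-coded threshold chosen without baseline data is evaluated alongside for comparison.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed record format for the pilot firewall (hypothetical; adapt the
# regex to the real device). One record per denied connection attempt.
DENY_LINE = re.compile(r"^(\S+) (\S+) deny src=(\S+) dst=(\S+) dport=(\d+)$")


def deny_lines(minute_start, src, count, host="fw-dmz", dst="10.2.0.5", dport=502):
    """Build `count` constructed deny records inside one minute, one per second."""
    prefix = minute_start[:-3]  # drop the "00Z" seconds so they can be appended
    return [f"{prefix}{s:02d}Z {host} deny src={src} dst={dst} dport={dport}"
            for s in range(count)]


# Constructed pilot baseline: a monitoring host (10.3.0.10) that is denied
# five times a minute as a matter of routine, plus a quiet operator station
# and one unrelated "allow" record to show that other lines are ignored.
BASELINE_LINES = (
    deny_lines("2023-04-01T10:00:00Z", "10.3.0.10", 5)
    + deny_lines("2023-04-01T10:05:00Z", "10.3.0.10", 5)
    + deny_lines("2023-04-01T10:07:00Z", "10.2.0.9", 2)
    + ["2023-04-01T10:08:00Z fw-dmz allow src=10.2.0.9 dst=10.2.0.5 dport=502"]
)

# Constructed production batch: the same routine noise plus a new source
# hammering the same PLC port.
PRODUCTION_LINES = (
    deny_lines("2023-04-02T09:00:00Z", "10.3.0.10", 5)
    + deny_lines("2023-04-02T09:01:00Z", "10.1.9.77", 12)
    + deny_lines("2023-04-02T09:03:00Z", "10.2.0.9", 1)
)


def parse(lines):
    """Parse deny records; lines in any other format are skipped."""
    events = []
    for line in lines:
        m = DENY_LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "host": m.group(2), "src": m.group(3),
                       "dst": m.group(4), "dport": int(m.group(5))})
    return events


def window_counts(events, window_s=60):
    """Denies per (source address, fixed-size time window)."""
    counts = Counter()
    for e in events:
        bucket = int(e["ts"].timestamp()) // window_s
        counts[(e["src"], bucket)] += 1
    return counts


def tune_threshold(baseline_events, window_s=60, margin=2):
    """Set the rule threshold just above the busiest source seen in the
    baseline, so routine noise identified during the pilot does not alert."""
    counts = window_counts(baseline_events, window_s)
    busiest = max(counts.values()) if counts else 0
    return busiest + margin


def evaluate(events, threshold, window_s=60):
    """Sources that reach the threshold in at least one window."""
    counts = window_counts(events, window_s)
    return sorted({src for (src, _), n in counts.items() if n >= threshold})


if __name__ == "__main__":
    tuned = tune_threshold(parse(BASELINE_LINES))
    print("tuned threshold:", tuned, "-> alerts:", evaluate(parse(PRODUCTION_LINES), tuned))
    print("untuned threshold: 3 -> alerts:", evaluate(parse(PRODUCTION_LINES), 3))
```

With the baseline-derived threshold only the new source alerts, while the guessed threshold also pages on the monitoring host the pilot already showed to be routine; repeating this derivation each time new production data is collected is the concrete form of the continuous improvement the text calls for.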
Conclusion
Therefore, if all the above-mentioned measures for the SIEM implementation are applied well
within the ICS/SCADA system, the company would gain much enhanced operations and economic
balance. The above are the considerations and suggestions to be made before proceeding with
the implementation process.
Bibliography
Kotenko, I., & Doynikova, E. (2015, March). Countermeasure selection in SIEM systems based
on the integrated complex of security metrics. In Parallel, Distributed and Network-
Based Processing (PDP), 2015 23rd Euromicro International Conference on (pp. 567-
574). IEEE.
Michelberger, P., & Dombora, S. (2016). A possible tool for development of information
security: SIEM system. Ekonomika, 62(1), 125-140.
Nabil, M., Soukainat, S., Lakbabi, A., & Ghizlane, O. (2017, May). SIEM selection criteria for
an efficient contextual security. In Networks, Computers and Communications (ISNCC),
2017 International Symposium on (pp. 1-6). IEEE.
Nazir, A., Alam, M., Malik, S. U., Akhunzada, A., Cheema, M. N., Khan, M. K., ... & Khan, A.
(2017). A high-level domain-specific language for SIEM (design, development and
formal verification). Cluster Computing, 20(3), 2423-2437.
Raja, M. S. N., & Vasudevan, A. R. (2017). Rule Generation for TCP SYN Flood attack in SIEM
Environment. Procedia Computer Science, 115, 580-587.
Vilendečić, B., Dejanović, R., & Ćurić, P. (2017). The Impact of Human Factors in the
Implementation of SIEM Systems. Journal of Electrical Engineering, 5, 196-203.