A possible tool for development of information security: SIEM system

Abstract

The implementation of information security for governmental institutions is regulated by laws, which specify the development of complex regulation environment and implementation of information security solutions. The implementing regulation emphasizes the minimal user access rights principle, which means employees should be provided with necessary and sufficient rights to do their jobs, prescribes the implementation of a control system which limits user activities to the execution of their tasks, requires security analysis of information systems' log files of organizations handling large volume of personal data. Considering that the weakest point is the user, the most important aspect of log file processing is user activity analysis, building user profiles, identifying unusual events based on these and analyse them based on the data available about users for the organization. The paper discusses the goal, role, possibility, the importance and limitations of building user profiles instantly by analysing log files, considering efficiency, and all-inclusiveness with minimization of false alarms and administration tasks based on information available electronically about employees. By the end of the paper a cost-effective model is presented for automated user activity and profile analysis.