Managed Compliance & SIEM Services - WHAT are they?
Compliance management and security information and event management (SIEM) services divide into two distinct (but similar) parts. The first is for organisations required to monitor their systems against standards and regulations such as PCI DSS, Sarbanes–Oxley, HIPAA, COBIT, and Basel II, and report their compliance. The second provides a reliable picture of the state of IT security through the use of tools that correlate, aggregate, store and analyse security logs.
Both are integral to good IT governance. Compliance management ensures organisations meet legal and regulatory requirements; SIEM services create a system to identify problems quickly and carry out forensic tests to allow the right action to be taken.
WHEN do I need them?
Organisations will typically need to report their compliance annually – and monitor it regularly. SIEM services should be ongoing.