Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?

A.
A security information event management (SIEM) product

B.
An open-source correlation engine

C.
A log management tool

D.
An extract, transform, load (ETL) system

Explanation:
The BEST answer is C. A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them, and typically correlate them offline to produce many reports (e.g., exception reports showing different statistics, including anomalies and suspicious activities) and to answer time-based queries (e.g., how many users have entered the system between 2 a.m. and 4 a.m. over the past three weeks?). A SIEM product has some similar features: it correlates events from log files, but it does so online (in near real time) and is normally not oriented toward storing many weeks of historical information or producing audit reports. A correlation engine is one component of a SIEM product and is oriented toward online correlation of events. An extract, transform, load (ETL) system is part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading it into a central repository (a data warehouse or data mart); an ETL system does not correlate data or produce reports, and it normally has no extractors for log file formats.
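To make the distinction concrete, here is an added Python example (not code from the original page or from any product) of the offline work a log management tool does: it parses two constructed log formats (syslog-style sshd lines and a CSV export from a hypothetical web application), normalises them into one schema, stores them, and then answers the explanation's own sample query and produces a small exception report. It generalises the query to any hour window and look-back period. The sample lines, the assumed year for the year-less syslog timestamps, and the assumption that all timestamps are UTC are mine, not the page's.

```python
"""Toy log-management pipeline: normalise heterogeneous log lines, store them,
and answer time-based audit queries offline. All sample data is constructed."""
import re
from collections import Counter
from datetime import datetime, timedelta

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumption for this example

# Constructed sample input: classic syslog sshd lines (one format) ...
SYSLOG_LINES = """\
Mar  3 02:15:42 bastion sshd[1123]: Accepted publickey for alice from 10.0.0.5 port 51522 ssh2
Mar  3 03:02:10 bastion sshd[1177]: Accepted password for bob from 10.0.0.9 port 40212 ssh2
Mar  3 03:40:55 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 33012 ssh2
Mar  3 09:12:01 bastion sshd[1302]: Accepted publickey for carol from 10.0.0.6 port 50001 ssh2
Mar 10 02:50:13 bastion sshd[2210]: Accepted publickey for alice from 10.0.0.5 port 51600 ssh2
""".splitlines()

# ... and a CSV login export from a hypothetical web application (a second format):
# timestamp,source,event,user,src_ip,outcome
CSV_LINES = """\
2024-03-03T03:15:00Z,webapp,login,dave,198.51.100.4,success
2024-03-03T03:16:30Z,webapp,login,dave,198.51.100.4,failure
2024-03-17T02:05:11Z,webapp,login,erin,198.51.100.8,success
2024-03-17T14:05:11Z,webapp,login,erin,198.51.100.8,success
""".splitlines()

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_syslog(line, year=ASSUMED_YEAR):
    """Normalise an sshd syslog line into the common event schema, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "source": m["host"], "event": "login", "user": m["user"],
            "src": m["src"], "outcome": "success" if m["result"] == "Accepted" else "failure"}


def parse_csv(line):
    """Normalise one CSV export row into the common event schema, or None."""
    parts = line.split(",")
    if len(parts) != 6:
        return None
    ts_s, source, event, user, src, outcome = parts
    return {"ts": datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ"), "source": source,
            "event": event, "user": user, "src": src, "outcome": outcome}


def ingest(syslog_lines=SYSLOG_LINES, csv_lines=CSV_LINES):
    """Aggregate both formats into one time-ordered store (an in-memory list here;
    a real tool would persist this for weeks or months of history)."""
    store = [ev for ev in map(parse_syslog, syslog_lines) if ev]
    store += [ev for ev in map(parse_csv, csv_lines) if ev]
    store.sort(key=lambda e: e["ts"])
    return store


def users_logged_in_between(store, start_hour, end_hour, now, weeks=3):
    """The explanation's sample query: which users logged in successfully between
    start_hour and end_hour (UTC, half-open) over the past `weeks` weeks?"""
    since = now - timedelta(weeks=weeks)
    return sorted({e["user"] for e in store
                   if e["event"] == "login" and e["outcome"] == "success"
                   and since <= e["ts"] < now and start_hour <= e["ts"].hour < end_hour})


def exception_report(store, now, weeks=3, start_hour=2, end_hour=4):
    """A small exception report: failed logins per source IP and off-hours
    successful logins per user, over the look-back window."""
    since = now - timedelta(weeks=weeks)
    recent = [e for e in store if since <= e["ts"] < now]
    failed = Counter(e["src"] for e in recent if e["outcome"] == "failure")
    off_hours = Counter(e["user"] for e in recent
                        if e["outcome"] == "success" and start_hour <= e["ts"].hour < end_hour)
    return {"failed_logins_by_source": dict(failed), "off_hours_logins_by_user": dict(off_hours)}


if __name__ == "__main__":
    events = ingest()
    report_date = datetime(2024, 3, 18)  # assumed reporting date
    print("users logged in 02:00-04:00 in the past 3 weeks:",
          users_logged_in_between(events, 2, 4, report_date))
    print("exception report:", exception_report(events, report_date))
```

The point the explanation makes is visible in the structure: the parsers are per-format extractors, the store keeps history, and the queries run over that stored history after the fact, which is exactly what an auditor's weekly or monthly report needs and what an online correlation engine is not built to do.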





popo

There are many SIEM products that do store historical information and produce audit reports. The question seems vague.

S

SIEM IS THE CORRECT ANSWER