Why a SIEM Is Not a SIM
Why It Rhymes With SEEM
(And its Not the I Before E Rule)
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
It’s the Gestalt. The idea that the whole is greater than the sum of it’s parts. That’s not something that is often brought into everyday conversation, but when I talk about the SIEM, and it’s long “E” sound, I can’t help but mention it.
As we continue to hear people call our Security Information and Event Management system a sim, (as in sim card or the Sim City or the Sims), I’d like to explain why we still stick to the long form vowel, and rhyme the name of our SIEM with seem.
I wish it could be blamed on grammar. While our favorite English teacher would say “i before e, except after c,” we’ve already dissed the use of good grammar, given we always spell Client with a capital c at infotex, a company that does not capitalize its own name. We do that so that Clients always have a higher priority than infotex.
So whenever you hear us say seem instead of sim, think “gestalt.”
We agree that a Security Information Management system may be called a SIM, and a Security Incident Management system may be called a SIM, but our system is not only about security incidents, nor security information. It’s about the gestalt; the three teams coming together to act as one Technology Risk Monitoring team; the information, the event, and the process of using that information to prevent that event, or at least turn it less impactful.
The process of managing security events.
Without the information, the event is not well-managed. Without expecting – truly expecting – that the ultimate use of security information is to prevent and respond to events, it may be a SIM. But we want our system to continue evolving towards a better use of Security Information – to prevent and manage Security Events – and thus it is a whole that is greater than the sum of its parts – a SIEM, as in seem.
Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex
Dans New Leaf is a fun blog to inspire thought in the area of IT Governance.