SIEM as Security Information and Event Management:
SIEM is a centralized and powerful supervision system that traditionally included two parts:
A SIM (Security Incident Management), dealing with post-analysis, storage, archival, compliance and reporting. It also addresses internal threats through log management, delivering reports and detailed analysis.
An SEM (Security Event Management), collecting and handling real-time data to analyze logs coming from IT systems, networks and applications. It allows IT event management.
Event correlation is the ultimate tool for countering incidents and internal or external threats.
To be 100% efficient, a SIEM deployment has to take organizational, human and legal aspects into consideration, and that is often overlooked. Because every organization is different in its security maturity, security threats, and internal operational capabilities, a SIEM needs adequate processes behind it to deliver its full potential.