Establishing a Practical Routine for Reviewing Security Logs

The term security information management (SIM) refers to the discipline of collecting and analyzing security events to detect or investigate malicious activities. Essential to this process are the individuals who review the gathered data and decide whether the events constitute an incident and should be escalated. Information security logs that are not regularly reviewed are hardly useful and can be a liability to an organization.

Sometimes reviewing security logs can be fun. Don't get me wrong—sifting through mounds of data to identify the notable events is not always my favorite pastime. However, the pursuit of correlating seemingly unrelated events, determining the cause of an unusual alert or detecting an intrusion at its onset can be pretty rewarding.

Even though the review of security logs is critical to the success of a SIM program, doing so regularly and comprehensively is not easy.