
Security Level Management


Security Level Management (SLM) is a quality assurance system for IT security. The aim is to represent the security status of each individual system in the network transparently at all times. This transforms IT security into a measurable and manageable factor, and considerably improves quality assurance as a result, while minimizing the residual risk.

IT security can only be improved constantly if the actual performance of the security systems in the network can be viewed at all times and compared with the target specifications. Security level management is a strategic management system that allows for just this: aims, measures, revisions, and actions are derived in the form of a management control cycle.

Security Level Management needs to be distinguished from systems for security information and event management (SIEM). The main purpose of the latter is to support IT operations in pinpointing anomalies in the network, which are then reported by evaluating and comparing log data.

SLM is oriented towards the phases of the Deming "Plan, Do, Check, Act" Cycle. It is an ideal complement to the check phase performed by the information security management system in accordance with ISO/IEC 27001. The steps are as follows:

PDCA Cycle by ISO 27001

Defining the security level (Plan):
During the Plan phase, concrete targets for individual security systems at the company are derived from abstract security policies. A security level consists of a collection of measurable limiting and threshold values. Operative aims like "the anti-virus systems at our German sites need to be at the newest level no later than four hours after the appearance of the current signature" are derived from parent security policies like "our virus protection system needs to be state-of-the-art", or "our employees should be able to work without being interrupted."

Collecting and analyzing data (Do):
The information on the current status of the systems is gleaned from the log file and status reports provided by individual anti-virus, anti-spyware, or anti-spam consoles. The data is collected fully automatically and data integrity is guaranteed.

Checking the security level (Check):
SLM prescribes continual reconciliation of the security level defined against the current values measured. Automated real-time reconciliation supplies the company with a constantly up-to-date status report on the security situation across all locations.

Adjusting the security structure (Act):
The rolling observation of the security level allows weak spots in the network to be pinpointed early on. Proactive adjustments in the security systems can be made on this basis.

Monitoring and reporting solutions, such as AMPEG Security Lighthouse (ASL), which function across all applications, irrespective of the vendor, come into play, especially in the "Do" and "Check" phases of the SLM cycle. They are designed to minimize the residual risk and safeguard the quality of IT security.

Within the scope of security level management, monitoring systems should fulfill the following enterprise IT security tasks:

  • Creating a central, standardized and vendor-independent database from the relevant security information specific to the security systems employed.
  • Constantly comparing target and actual values.
  • Visualizing the current security status in traffic light colors like the ones in the geographical overview on the AMPEG Security Lighthouse Security Information Map.
  • Checking the current security status constantly to ensure that the end points in the corporate network are adequately secured against current threats and weak spots.
  • Supporting processes for continually and efficiently improving electronic security through focused, cross-locational, long-term analyses of the security information.
  • Supporting the security management team and security officer in achieving a measurable improvement in information security, and establishing quality assurance in IT security to minimize the residual risk.
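
The Plan and Check steps and the traffic-light status described above can be sketched as follows. This is an added example, not AMPEG code: the record layout, site names, version numbers and the green/yellow cut-offs are assumptions, and only the four-hour target comes from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Plan: the security level as measurable thresholds. The four-hour target is
# the one quoted in the text; the traffic-light cut-offs are assumptions.
MAX_SIGNATURE_LAG = timedelta(hours=4)
GREEN_MIN, YELLOW_MIN = 0.95, 0.80

@dataclass
class EndpointStatus:            # one normalized record per endpoint (Do)
    site: str
    host: str
    signature_version: Optional[int]   # None: console reported no signature

def is_compliant(ep, current_version, released_at, now):
    """Target met if the endpoint runs the current signature, or the
    four-hour rollout window after its release is still open."""
    if ep.signature_version is not None and ep.signature_version >= current_version:
        return True
    return now - released_at <= MAX_SIGNATURE_LAG

def site_levels(statuses, current_version, released_at, now):
    """Check: reconcile target and actual per site -> {site: (ratio, colour)}."""
    totals, ok = {}, {}
    for ep in statuses:
        totals[ep.site] = totals.get(ep.site, 0) + 1
        ok[ep.site] = ok.get(ep.site, 0) + is_compliant(ep, current_version, released_at, now)
    levels = {}
    for site, n in totals.items():
        ratio = ok[site] / n
        colour = "green" if ratio >= GREEN_MIN else "yellow" if ratio >= YELLOW_MIN else "red"
        levels[site] = (ratio, colour)
    return levels

# Constructed sample data: signature 101 released at 08:00, three sites.
RELEASED_AT = datetime(2010, 3, 1, 8, 0)
def sample_statuses():
    rows = [("Berlin", 101)] * 20 + [("Munich", 101)] * 9 + [("Munich", 100)]
    rows += [("Hamburg", 101)] * 2 + [("Hamburg", 100), ("Hamburg", None)]
    return [EndpointStatus(s, f"{s.lower()}-{i:02d}", v) for i, (s, v) in enumerate(rows)]

if __name__ == "__main__":
    for hours in (3, 5):   # before and after the four-hour deadline
        now = RELEASED_AT + timedelta(hours=hours)
        print(hours, site_levels(sample_statuses(), 101, RELEASED_AT, now))
```

An endpoint that reports no signature at all counts as outdated once the rollout window has closed, so a silent console cannot keep a site green.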


Quality by AMPEG

Creating Transparency

"Since they do not always have their roots in a technical department, CSOs more than anyone else need to place value on achieving clarity concerning the status of their IT security."

 

Raimund Genes, CTO Anti Malware at TREND MICRO


Security Lighthouse

AMPEG Security Lighthouse is a vendor-independent, cross-console monitoring application for Security Level Management.



Implemented KPIs

Measurability of IT security processes is an important requirement for ensuring the quality management of IT security. Introducing key figures, so-called Key Performance Indicators (KPIs), provides this measurability.





© 2010 AMPEG GmbH. All rights reserved.