Last Updated on October 4, 2019
Recently I joined a vCISO call with one of our SaaS clients. They are considering ISO 27001 certification and immediately presented us with the question: “Do we need AlienVault (now called AT&T Cybersecurity) to be ISO 27001 certified?”
Nothing like going from zero to 60 in 9 words :>)
It was both a very easy and very challenging question to answer. Before diving in, it’s important to note the question was specific to AlienVault because the client knew that we use it as part of our ISO 27001 certified ISMS, and also with a number of our ISO 27001 certified clients. However, my thoughts to follow are applicable to any good security information and event management (SIEM) solution.
My short answer was “no.”
Unfortunately, anyone who knows me knows that brevity isn’t my forte, and not surprisingly a (much) longer answer and conversation followed.
More explanation was needed because ISO 27001 tells you what you need to accomplish, but not exactly how you need to accomplish it. So, a SIEM is only a “requirement” if you determine it is.
Typically a SIEM would be a “requirement” if it is the only way, or the most effective way, to ensure that you have the logging information you need to ensure that you can detect and respond to a security incident in a timely manner. (A SIEM is also a great tool to demonstrate compliance.)
ISO 27001 Annex A includes four logging specific controls that are SIEM related, an ..
Support the originator by clicking the read the rest link below.
