What is SIM in information security?

SIM stands for Security Information Management. Security information management is a type of software that automates the collection of event log data from security devices, including firewalls, proxy servers, intrusion-detection systems and anti-virus applications.

The SIM translates the logged data into a correlated and simplified format. Some SIM products support security reporting, analysis, and documentation for Sarbanes-Oxley, HIPAA, Basel II, FISMA, and Visa CISP compliance audits.

A SIM automates the collection and analysis of data from the security components in a network. Instead of having to view logs and alerts from the firewall, IDS, anti-virus, VPN, and other security systems separately, a security manager can get all of this information from a single SIM console. Some SIMs simply aggregate reports from these various components; others correlate the data to improve the quality of the overall security information.

Security Information Management (SIM) products (also referred to as Security Information and Event Management or Security Event Management) automate the manual process of collecting security-specific event-log data from file systems, security appliances, and other network devices.

These products, which can be hardware, software, or a service, offer data-aggregation and network event-correlation features similar to those found in network management software. Information can be collected from firewalls, proxy servers, intrusion-detection systems, intrusion prevention systems, routers and switches, and anti-spam, anti-virus, and anti-spyware applications.

Since they can all access many sources for this data, SIM products try to distinguish themselves by how rapidly they can collect the data without missing an event, how well they can correlate specific security events with customer identities, and how rich their reporting capabilities are to support managers.

The goals of Security Information Management are to avoid interruptions to business activities and to ensure the correct and secure operation of computer and network facilities. This is achieved by:

  • Minimizing the risk of systems failures (by establishing operational processes and plans).

  • Safeguarding the integrity of the organization’s applications and data.

  • Maintaining the integrity and availability of data services, networks, and supporting infrastructure.

  • Preventing damage to assets by controlling and physically protecting computer media.

Security event management (SEM) is an automated tool used on company data networks to centralize the storage and analysis of logs and events produced by other software on the network. Software agents can apply local filters to reduce and control the data transmitted to the server. Security is generally monitored by an administrator, who reviews the data and responds to any alerts that are issued. The data sent to the server to be correlated and analyzed is translated into a common form, usually XML.
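The agent and server flow described above, sketched as an added example (not code from the original page or from any SIM product). The two log formats, the XML element names, and the filter thresholds are assumptions made up for illustration; the sample lines are constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample lines in two made-up device formats (not real product output).
FIREWALL_LOG = [
    "2024-05-01T10:00:01Z fw01 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=443",
    "2024-05-01T10:00:07Z fw01 DENY src=203.0.113.9 dst=192.0.2.10 dport=22",
]
IDS_LOG = [
    "05/01/2024 10:00:08|ids01|sev=3|203.0.113.9|port scan detected",
    "05/01/2024 10:00:30|ids01|sev=1|10.0.0.7|policy notice",
]

FW_RE = re.compile(r"(?P<ts>\S+) (?P<dev>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+)")
IDS_RE = re.compile(r"(?P<ts>[^|]+)\|(?P<dev>[^|]+)\|sev=(?P<sev>\d)\|(?P<src>[^|]+)\|(?P<msg>.+)")

def to_xml(source, dev, ts, src, detail):
    """Normalize one event into a common XML form; ElementTree escapes device text."""
    ev = ET.Element("event", source=source, device=dev, time=ts)
    ET.SubElement(ev, "src").text = src
    ET.SubElement(ev, "detail").text = detail
    return ET.tostring(ev, encoding="unicode")

def agent_firewall(lines):
    """Local filter: forward only DENY records; routine ALLOWs stay on the device."""
    for m in filter(None, map(FW_RE.match, lines)):
        if m["action"] == "DENY":
            yield to_xml("firewall", m["dev"], m["ts"], m["src"], "DENY")

def agent_ids(lines, min_sev=2):
    """Local filter: forward only alerts at or above min_sev."""
    for m in filter(None, map(IDS_RE.match, lines)):
        if int(m["sev"]) >= min_sev:
            yield to_xml("ids", m["dev"], m["ts"], m["src"], m["msg"])

def correlate(xml_events):
    """Server side: flag source addresses reported by more than one kind of device."""
    seen = defaultdict(set)
    for doc in xml_events:
        ev = ET.fromstring(doc)
        seen[ev.findtext("src")].add(ev.get("source"))
    return sorted(ip for ip, kinds in seen.items() if len(kinds) > 1)

def run():
    forwarded = list(agent_firewall(FIREWALL_LOG)) + list(agent_ids(IDS_LOG))
    return forwarded, correlate(forwarded)

if __name__ == "__main__":
    print(run()[1])
```

Whatever an agent's filter drops never reaches the server, so an overly aggressive filter removes events from correlation as well as from storage.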