ABSTRACT
Before a chapter discussing enterprise security management (ESM) can be written, an acceptable definition must be established as a basis for further discussion. This has turned out to be surprisingly difficult, because several different, equally valid, and generally accepted definitions are in use in the security industry today. To further cloud the issue, other concepts, systems, and programs exist that are similar in nature and are often used interchangeably with ESM, such as enterprise risk management (ERM) and security information/event management (SIM/SEM). ERM focuses on the identification, measurement, mitigation, and monitoring of risk in areas such as economics, business operations, and information technology. As we will see, a successful ERM program is a valuable input to a successful ESM program: it supplies a majority of the required inputs, such as current information about the assets and vulnerabilities of an enterprise. A SIM or SEM tool, by contrast, is generally concerned with the collection, consolidation, analysis, reporting, and alerting of security-related data such as logs, alerts, and process activity. This tool is often the one used to feed the requisite data into the ESM program, as detailed later in this chapter. Some product vendors offer ESM solutions as software (or sometimes combined hardware and software) systems. These are generally centralized collection and analysis tools that gather security event data from any number of heterogeneous devices and normalize it for analysis. Likewise, consulting organizations offer to develop an ESM program that introduces the ESM system's functionality and fully incorporates it into the security organization.
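The abstract describes a SIM/SEM tool as collecting security event data from heterogeneous devices, consolidating it, analyzing it, and raising alerts. The following script is an added example, not code from the chapter or from any ESM product, of what that pipeline looks like in miniature: it parses two unrelated log formats (an OpenSSH sshd syslog line and a CSV rendering of Windows Security events 4624/4625) into one normalized Event record, merges them into a time-ordered stream, builds a per-device report, and fires an alert when one user/source-IP pair accumulates failed logons across devices within a short window. All hostnames, IP addresses, and log lines are constructed for illustration; the CSV layout for the Windows events is a hypothetical export format, not a Microsoft one.

```python
"""Miniature SIM/SEM pipeline: collect, consolidate, analyze, report, alert.

Added example for illustration; not from the chapter. Sample data is constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    """Common schema every device-specific format is normalized into."""
    ts: datetime
    source: str    # device that produced the event (hypothetical hostnames)
    user: str
    src_ip: str
    outcome: str   # "success" or "failure"


# Constructed sample input. Real OpenSSH sshd message text, made-up host/IPs.
SYSLOG = [
    "2024-03-01T10:00:01 linux01 sshd[1234]: Failed password for root from 203.0.113.7 port 5555 ssh2",
    "2024-03-01T10:00:04 linux01 sshd[1234]: Failed password for root from 203.0.113.7 port 5556 ssh2",
    "2024-03-01T10:00:09 linux01 sshd[1240]: Accepted password for alice from 198.51.100.5 port 4000 ssh2",
]
# Constructed CSV export of Windows Security events: timestamp,host,EventID,user,source IP.
# Event ID 4624 is a successful logon, 4625 a failed logon (hypothetical export layout).
WINEVT = [
    "2024-03-01 10:00:02,win01,4625,root,203.0.113.7",
    "2024-03-01 10:00:06,win01,4625,root,203.0.113.7",
    "2024-03-01 10:00:07,win01,4625,root,203.0.113.7",
    "2024-03-01 10:00:20,win01,4624,bob,198.51.100.9",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_syslog(line):
    """Collection: normalize one sshd syslog line; None if it is not a logon event."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    outcome = "failure" if m["result"] == "Failed" else "success"
    return Event(datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["ip"], outcome)


def parse_winevt(line):
    """Collection: normalize one Windows event record; None for non-logon event IDs."""
    ts, host, event_id, user, ip = line.split(",")
    outcome = {"4624": "success", "4625": "failure"}.get(event_id)
    if outcome is None:
        return None
    return Event(datetime.fromisoformat(ts), host, user, ip, outcome)


def collect(syslog_lines, winevt_lines):
    """Consolidation: one time-ordered stream of normalized events from both devices."""
    events = [e for e in map(parse_syslog, syslog_lines) if e is not None]
    events += [e for e in map(parse_winevt, winevt_lines) if e is not None]
    return sorted(events, key=lambda e: e.ts)


def report(events):
    """Reporting: success/failure counts per source device."""
    counts = defaultdict(lambda: {"success": 0, "failure": 0})
    for e in events:
        counts[e.source][e.outcome] += 1
    return dict(counts)


def analyze(events, threshold=3, window_seconds=60):
    """Analysis/alerting: failed logons for one (user, src_ip) across any devices.

    Keeps a sliding window per key; raises one alert per burst that reaches the threshold.
    """
    alerts = []
    windows = defaultdict(list)
    for e in events:
        if e.outcome != "failure":
            continue
        window = windows[(e.user, e.src_ip)]
        window.append(e)
        # Expire failures that fall outside the window relative to the newest event.
        while (e.ts - window[0].ts).total_seconds() > window_seconds:
            window.pop(0)
        if len(window) >= threshold:
            alerts.append({
                "user": e.user,
                "src_ip": e.src_ip,
                "count": len(window),
                "devices": sorted({x.source for x in window}),
                "last_seen": e.ts.isoformat(),
            })
            window.clear()  # fire once per burst, not once per extra failure
    return alerts


if __name__ == "__main__":
    stream = collect(SYSLOG, WINEVT)
    print("per-device report:", report(stream))
    for alert in analyze(stream):
        print("ALERT:", alert)
```

The point worth noticing is the correlation: neither device alone reaches the threshold of three failures in the sample data (linux01 has two, win01 has three but only after the alert window has already fired), yet the consolidated stream shows the same user and source address hammering both hosts, which is exactly the cross-device view a standalone syslog or Windows event viewer cannot give.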