ABSTRACT

Before a chapter on enterprise security management (ESM) can be written, a working definition must be established as the basis for the discussion that follows. This turns out to be harder than it sounds, because several different, equally valid, and generally accepted definitions are in use in the security industry today. The picture is further clouded by related concepts, systems, and programs that are similar in nature and are often used interchangeably with ESM, notably enterprise risk management (ERM) and security information management / security event management (SIM/SEM).

ERM focuses on identifying, measuring, mitigating, and monitoring risk in areas such as economics, business operations, and information technology. As we will see, a successful ERM program is a valuable input to a successful ESM program: it supplies the majority of the required inputs, such as real-time information about the enterprise's assets and the vulnerabilities affecting them. A SIM or SEM tool, by contrast, is generally concerned with the collection, consolidation, analysis, reporting, and alerting of security-related data such as logs, alerts, and process activity. A tool of this kind is often the one used to feed the requisite data into the ESM program, as detailed later in this chapter.

Some product companies offer ESM solutions as software systems (or sometimes as combined hardware and software). These are generally centralized collection and analysis tools that gather security event data from any number of heterogeneous devices. Consulting organizations, for their part, offer to develop an ESM program that introduces the ESM system's functionality into the security organization and fully incorporates it into that organization's processes.