Overview
So you did a HIPAA/PCI GAP assessment and your consultant told you about the need to comply with centralized logging and monitoring requirement (HIPAA -§ 164.308(a)(1), § 164.308(a)(5), § 164.308(a)(6), §164.312(b), PCI – Requirement 10[1]) and suggested an SIEM deployment. Now, these questions fire up: which product, what price, who can monitor, how to set this up, what devices to include, what is important to include, determining events per second, retention timeframe, hardware sizing, and more. While there are sufficient resources online to help you answer these questions, there is an extent of internal readiness required before you should even kick-start an SIEM implementation. This paper is set to throw light on what those important components are and why you should be ready.
