An Adaptable Approach for Successful SIEM Adoption in Companies
Maximilian Rosenberg, Bettina Schneider, Christopher Scherb, Petra Maria Asprion
TL;DR
The paper tackles the absence of a generic, product-independent procedure for SIEM adoption in enterprises amid rising cyber threats. It leverages Hevner’s Design Science Research to produce a holistic, three-phase procedure (Evaluation, Deployment, Operation) that is grounded in traditional project-management and agile practices, and anchored by security frameworks (NIST CSF, ISO/IEC 27001, MITRE ATT&CK). The artifact is validated through expert interviews and a Swiss case study, confirming its practical applicability and flexibility, while highlighting areas for refinement such as IT strategy alignment and SLA considerations. The resulting framework offers a vendor-neutral, adaptable path for implementing SIEM systems, with explicit guidance on use-case development, log-source integration, and a structured handover to operations. The authors advocate applying the procedure across more organizations to further assess completeness and generalizability, and to broaden the set of referenced frameworks.
Abstract
In corporations around the world, the topic of cybersecurity and information security is becoming increasingly important as the number of cyberattacks against them continues to grow. Nowadays, it is no longer just a matter of protecting against cyberattacks, but rather of detecting such attacks at an early stage and responding accordingly. There is currently no generic methodological approach for the implementation of Security Information and Event Management (SIEM) systems that takes academic aspects into account and can be applied independently of the product or developers of the systems. Applying Hevner's design science research approach, the goal of this paper is to develop a holistic procedure model for implementing such SIEM systems in corporations. The study conducted during the validation phase verified that the procedure model is applicable. In future research, the procedure model should be applied in various implementation projects in different enterprises to analyze its applicability and completeness.
