Research field: Safety
Conference: International Symposium on Human Aspects of Information Security and Assurance
Security Information and Event Management (SIEM) systems are essential for security experts in various daily tasks such as monitoring, anomaly detection, forensics, identifying indicators of compromise, threat hunting, and incident handling. Although many different SIEM systems are being used in large organizations, there needs to be more understanding of the existing challenges of SIEM systems from a human-centric cybersecurity perspective. The present study explores those challenges following a qualitative research approach utilizing the Delphi technique. Two rounds of interviews were conducted with twelve security experts in multiple large organizations. The experts expressed the challenges in the first round, exploring various components of user, usage, and usability of SIEM systems. Then, the challenges were divided into thirteen main categories based on the consensus level. In the second round, the experts validated and ranked the categories. Results show that the most significant challenges are related to usage, followed by usability and user components.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Sweden |
| Site | Springer |