Security Information and Event Management (SIEM) Implemen... and over one million other books are available for Amazon Kindle. Learn more
Buy New
  • List Price: $65.00
  • Save: $32.50 (50%)
FREE Shipping on orders over $35.
In Stock.
Ships from and sold by
Gift-wrap available.
Security Information and ... has been added to your Cart
Trade in your item
Get a $2.00
Gift Card.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Security Information and Event Management (SIEM) Implementation (Network Pro Library) Paperback – October 25, 2010

ISBN-13: 978-0071701099 ISBN-10: 0071701095 Edition: 1st

Buy New
Price: $32.50
27 New from $3.25 19 Used from $2.95
Amazon Price New from Used from
"Please retry"
"Please retry"
$3.25 $2.95
Interested in Cloud Computing? Run virtually everything in the AWS Cloud. Web Apps, Big Data, and more. Get started for free.

Frequently Bought Together

Security Information and Event Management (SIEM) Implementation (Network Pro Library) + Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
Price for both: $66.58

Buy the selected items together


Shop the new
New! Introducing the, a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Series: Network Pro Library
  • Paperback: 464 pages
  • Publisher: McGraw-Hill Osborne Media; 1 edition (October 25, 2010)
  • Language: English
  • ISBN-10: 0071701095
  • ISBN-13: 978-0071701099
  • Product Dimensions: 9 x 7.3 x 1.1 inches
  • Shipping Weight: 1.6 pounds (View shipping rates and policies)
  • Average Customer Review: 3.1 out of 5 stars  See all reviews (7 customer reviews)
  • Amazon Best Sellers Rank: #682,748 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

David R. Miller, PCI QSA, SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, 2000, and Server 2003:Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+, is an expert author, lecturer, and IT security consultant specializing in information systems security, compliance, and network engineering.
Shon Harris, CISSP, is the CEO of Logical Security, a computer security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor and an author. She has authored three best selling CISSP books, is a contributing author to the book Gray Hat Hacking, and developed a full digital information security product series for Pearson publishing. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.
Allen Harper, CISSP, is founder and president of N2NetSecurity, Inc., a consulting company specializing in advanced security and vulnerability analysis, penetration testing, SIEM implementation, and compliance. He served as a security engineer in the U.S. Department of Defense, and is a coauthor of Gray Hat Hacking.
Stephen VanDyke, CISSP, BCCPA, BCCPP, MCSA, Security+, Network+, was a founding member of the U.S. Army Reserve global network Computer Emergency Response Team and helped design and deploy its NetForensics SIEM. He implemented high end, multi-tiered security systems for the Multi-National Force - Iraq (MNFI) network.
Chris Blask, Vice President of Marketing at AlienVault, is on the faculty at the Institute for Applied Network Security, Co-founded Protego Networks (now Cisco MARS) and founded Critical Infrastructure Cybersecurity company Lofty Perch. Chris invented the BorderWare Firewall Server in the early days of the Internet Security market and built the Cisco Systems firewall business

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

3.1 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 7 customer reviews
Don't get me wrong; I appreciate the time and effort the authors put into the book.
M Runals
Ch9 tries to be a bit more useful (has two case studies), but collapses under the load of too many screenshots as well.
Dr Anton Chuvakin
Don't waste your money - better content can be found in books like Security Monitoring.

Most Helpful Customer Reviews

21 of 22 people found the following review helpful By Dr Anton Chuvakin on January 10, 2011
Format: Paperback
I was looking forward to reading this book for a few months - pretty much since the time I've heard that it is being written. Obviously, I has very excited when it arrived in my mailbox. Now have done reading it, I can say it left a mixed impression. Mostly positive -but still mixed. I definitely enjoyed reading it, despite (or maybe due to) the fact that I've been involved with SIEM for nearly 10 years.
Let me first go through other chapters and then give my overall impression. The book is organized in three big parts: "introduction to SIEM: threat intelligence for IT systems", "IT threat intelligence using SIEM systems " and "SIEM tools."
Chapter 1 covers security basics with minimum connections to SIEM. It might have that over-simplified refresher of what information security is about.
Chapter 2 can be summarized using the quote from the chapter itself: "the bad things that could happen." It contains another refresher on attacks, somewhat jumbled and somewhat dated. We're not really touching SIEM yet at this point.
Chapter 3 has an author view of regulatory compliance: the usual suspects I have mentioned - PCI DSS, HIPAA, FISMA, SB1386, SOX, GLBA, etc. HIPAA is not misspelled which counts as good news.
Chapter 4 has a bizarre name: "SIEM concepts: components for small and medium-sized businesses." It contains an overview of SIEM with little focus on SMB. It is mildly confusing (for example, it calls LogRhythm "a commercial syslog server"). It contains a few outright mistakes as well (like a mention of one log management vendor whose application reportedly covers "all 228 PCI controls"). The chapter tries to talk about everything (yes, even GRC) and makes a very weak impression.
Chapter 5 looks like a twin of the previous chapter.
Read more ›
3 Comments Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
7 of 9 people found the following review helpful By M Runals on January 30, 2011
Format: Paperback
In short - if you have been "doing" SIEM for any length of time you won't get a whole lot out of this book. Conversely if you are starting to venture down the SIEM path it would probably be worth picking up.

I first read about this book on Dr. Anton Chuvakin's blog. Even though his review was less than stellar, he did give it 4 stars. Similarly although the book's title includes "implementation" and I have been using ArcSight for a little over two years now so I figured I would give it a shot. I was hopeful...and ended up sort of disappointed. Don't get me wrong; I appreciate the time and effort the authors put into the book. There really isn't a whole lot of SIEM type information "out there" which is one of the main reasons I started my own SIEM-esque blog. I think this book has the most value if you haven't bought a SIEM yet through 3 or 4 months into your SIEM deployment as a way to level set the conversation (though the first part of the book is very basic).

Because of my background I started with the chapters on ArcSight. I was pretty disappointed when it quickly went into screenshots on actually installing the software. The other product chapters are a bit better but have similar issues. These chapters should have been pulled out of the book with the exception that each had a nugget or two that either didn't show up in other places in the book or showed up in all. You don't need to have each product chapter talk about the need to have project requirements/goals/expectations. In the Cisco MARS section (yes I even skimmed that chapter) there was actually a good little blerb on the difference between SIEM and an IDS. Why tuck it away?
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
1 of 1 people found the following review helpful By Ben Rothke on February 24, 2011
Format: Paperback
With many different types of log and audit data, Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details; and there are plenty of details in deploying a SIEM on corporate networks.

Security Information and Event Management Implementation provides a solid introduction, overview and analysis of what a SIEM (also known as SIM, SEM, SEIM and others) is, and what needs to go into it for an effective deployment and operation.

As a technology, SIEM provides real-time monitoring and historical reporting of information security events from networks, servers, systems, applications and more. Many firms have deployed SIEM as a method to address regulatory compliance reporting requirements, in addition to using it as a mechanism in which to build a robust information security operation, integrating the SIEM into their security management and incident response areas.

With that, the good news is that the SIEM market is now at a mature state, with numerous vendors competing off each other. Combined with the level of SIEM adoption, it's ready for prime time. But ensuring it works in prime time is heavily dependent upon the requirements definitions and planning.

The books 15 chapters are organized in three parts: Introduction to SIEM: Threat Intelligence for IT Systems, IT Threat Intelligence Using SIEM Systems and SIEM Tools. Part 3 (chapters 8-15) provides the bulk of the reading.

Part 1 provides a high-level overview of the topic and covers information security fundamentals.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again