What is Security Event and Incident Management (SEIM)?

SEIM is the process of handling security incidents. A security incident can be anything from an infected computer sending out spam, to a DMCA notice, to a worm or trojan that collects personal information, to an email account that has been compromised. Security events tend to be more mundane. An example of a security event is an attempted login (or a set thereof).

How does Tufts handle SEIM?

Prevention: Tufts tries to prevent security incidents by tracking some of the traffic on its network. Tufts uses ArcSight to help log network traffic.

Handling: Tufts uses an incident handling workflow process that can be found here. Tufts uses a ticketing system, RT (Request Tracker), to track progress through the workflow. In the future, Tufts will be phasing out RT in favor of Service-Now. ArcSight is also used in the handling process to help look up past network events and collect evidence.

What is this wiki all about?

This wiki is focused on helping you use ArcSight to prevent and handle security incidents.
