What is Security Event and Incident Management (SEIM)?
SEIM is the process of handling security incidents. A security incident can be anything ranging from an infected computer sending out spam, to a DMCA notice, to a worm or trojan that collects personal information, to an email account that has been compromised. Security events tend to be more mundane. An example of a security event may be an attempted login (or a series of them).
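As an added illustration of the event-versus-incident distinction (this is example code, not anything from Tufts, ArcSight or RT), the script below triages constructed SSH-style authentication log lines: a few failed logins from a source are recorded as a mundane event, while repeated failures followed by a successful login from the same source are flagged as an incident worth opening a ticket for. The log format, the threshold of three failures and the ticket subject wording are all assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not real Tufts data); the format loosely
# follows OpenSSH "Failed password" / "Accepted ..." messages.
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[1001]: Failed password for invalid user admin from 198.51.100.7 port 4021 ssh2
Mar 10 08:00:03 host1 sshd[1002]: Failed password for root from 198.51.100.7 port 4022 ssh2
Mar 10 08:00:05 host1 sshd[1003]: Failed password for root from 198.51.100.7 port 4023 ssh2
Mar 10 08:00:09 host1 sshd[1004]: Accepted password for root from 198.51.100.7 port 4025 ssh2
Mar 10 08:01:10 host1 sshd[1005]: Failed password for alice from 192.0.2.15 port 5100 ssh2
Mar 10 08:02:00 host1 sshd[1006]: Accepted publickey for alice from 192.0.2.15 port 5101 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")


def triage(log_text, threshold=3):
    """Classify each source address seen failing to log in.

    'event'            : fewer than `threshold` failures (recorded, no ticket)
    'suspicious event' : `threshold` or more failures, no success afterwards
    'incident'         : `threshold` or more failures followed by a successful
                         login from the same source (assumed to need a ticket)
    """
    failures = Counter()
    success_after_failures = set()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        # Counter returns 0 for unseen keys, so a clean success is ignored.
        if m and failures[m.group(2)] >= threshold:
            success_after_failures.add(m.group(2))
    result = {}
    for src, count in failures.items():
        if src in success_after_failures:
            result[src] = "incident"
        elif count >= threshold:
            result[src] = "suspicious event"
        else:
            result[src] = "event"
    return result


def ticket_subjects(classification):
    """Ticket subject lines (hypothetical wording) for incidents only."""
    return [f"[Security incident] repeated failed logins then success from {src}"
            for src, kind in sorted(classification.items()) if kind == "incident"]
```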
How does Tufts handle SEIM?
Prevention: Tufts tries to prevent security incidents by tracking some of the traffic on its network. Tufts uses ArcSight to help log network traffic.
Handling: Tufts uses an incident handling workflow process that can be found here. Tufts uses a ticketing system, RT (Request Tracker), to track progress through the workflow. In the future, Tufts will be phasing out RT in favor of Service-Now. ArcSight is also used during handling to look up past network events and collect evidence.