
Security Event Management Process

Security event management (SEM) is the process of identifying, gathering, monitoring and reporting
security-related events in software, systems or an IT environment.

[INPUT] 1. Receive alerts or tickets
2. Triage the alerts or tickets
3. Validate the ticket
4. Perform analysis
5. [OUTPUT] Escalate the ticket to the proper person, or execute the right procedure, based on the information gathered
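The triage, validation and escalation steps above are the part of this process that is usually automated in a SOC. The following is an added example written for this page (it is not IBM's or the original author's code): it reassesses the severity the SIEM assigned, drops alerts that match a suppression list, and routes each alert either to the incident response process, to a documented runbook, or to an analyst queue. The alert format, the severity scale, the KNOWN_BENIGN suppression list, the RUNBOOKS table and the sample alerts are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Severity scale assumed for the example; real SIEMs use their own.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Alert:
    alert_id: str
    rule: str        # SIEM rule that fired
    source_ip: str
    severity: str    # severity as assigned by the SIEM
    hits: int = 1    # raw events aggregated into this alert

# Assumed tuning data consulted during validation (step 3):
# (rule, source) pairs that are real but expected activity, e.g. an authorised scanner.
KNOWN_BENIGN = {("scanner-sweep", "10.0.0.5")}
# Assumed mapping of rule -> documented runbook an analyst can execute directly.
RUNBOOKS = {"bruteforce-ssh": "RB-007"}

def triage(alert):
    """Step 2: reassess the SIEM's severity using evidence inside the alert.
    A medium-rated brute-force rule with hundreds of attempts is treated as high."""
    if alert.rule == "bruteforce-ssh" and alert.hits >= 100 and alert.severity == "medium":
        return "high"
    return alert.severity

def validate(alert):
    """Step 3: reject alerts that match the suppression list."""
    return (alert.rule, alert.source_ip) not in KNOWN_BENIGN

def route(alerts):
    """Steps 4-5: decide per alert whether it goes to the incident response
    process, to a runbook, or to an analyst queue. Returns queue -> alert ids."""
    queues = defaultdict(list)
    for a in alerts:
        if not validate(a):
            queues["closed-false-positive"].append(a.alert_id)
            continue
        sev = triage(a)
        if SEVERITY_RANK[sev] >= SEVERITY_RANK["high"]:
            queues["incident-response"].append(a.alert_id)   # hand over to the IR process
        elif a.rule in RUNBOOKS:
            queues["runbook:" + RUNBOOKS[a.rule]].append(a.alert_id)
        else:
            queues["analyst-review"].append(a.alert_id)
    return dict(queues)

# Constructed sample queue (addresses from documentation ranges, not real hosts).
SAMPLE_ALERTS = [
    Alert("A1", "bruteforce-ssh", "203.0.113.9", "medium", hits=250),
    Alert("A2", "bruteforce-ssh", "198.51.100.4", "medium", hits=12),
    Alert("A3", "scanner-sweep", "10.0.0.5", "low"),
    Alert("A4", "malware-beacon", "192.0.2.7", "critical"),
    Alert("A5", "new-admin-account", "192.0.2.8", "medium"),
]

if __name__ == "__main__":
    for queue, ids in route(SAMPLE_ALERTS).items():
        print(f"{queue}: {', '.join(ids)}")
```

The suppression list is keyed on (rule, source) rather than on the rule alone, so an authorised scanner is silenced without hiding the same rule firing from an unexpected source; that is the difference between a validated false positive and a blind spot.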

Security Incident Response Process

Incident response is an organized approach to addressing and managing the aftermath of a security
incident.

[INPUT] 1. Receive alerts from the Security Event Management Process
2. Review and reassess the classification and validity of the High/Critical ticket
3. Consider the war room scenario (single-analyst response, or Incident Response team required)
4. Consider engaging IBM Emergency Response Services (ERS)
5. Consider using a physical war room
6. Respond quickly and professionally
7. Document lessons learned
8. [OUTPUT] Any additional countermeasure tickets created during the response, and a closed incident response ticket

Security Intelligence Process

Security intelligence is the information relevant to protecting an organization from external and
insider threats, as well as the processes, policies and tools designed to gather and analyze that
information.

[INPUT] 1. Receive reports from internet security intelligence services, public reports or SIEM tooling
2. Search the reports for risks or threats
3. Convert the risks or threats into actions
4. Create a ticket for the owner of each risk or threat
5. Assess the priority level; for high-priority tickets, decide whether to create an e-mail bulletin or wiki article
6. Decide whether to expand the SIEM use cases
7. Decide whether to fine-tune the report
8. Log tickets according to the previous two decisions
9. [OUTPUT] Tickets created from the reports
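Steps 2 to 5 of this process (find the threats in a report, turn them into actions, ticket the owners, set a priority) come down to extracting indicators from the report and checking them against what the SIEM has seen. The following is an added example written for this page, not code from IBM or the original author. It extracts IPs, domains and SHA-256 hashes from a constructed bulletin, matches them as whole tokens against constructed SIEM events, and groups the hits into one ticket per owning team via an assumed CMDB lookup (OWNERS). The addresses come from documentation ranges and the hash is simply the SHA-256 of the empty string, used as a well-formed placeholder.

```python
import re
from collections import defaultdict

# Constructed intelligence bulletin for the example (not a real report).
BULLETIN = """Campaign staging host 203.0.113.45 serves the domain
update-cdn.example (resolving to 198.51.100.77). Dropper SHA-256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"""

# Constructed SIEM export: one proxy/DNS event per line with the originating asset.
SIEM_EVENTS = [
    "2024-05-02T10:01:00Z host=ws-0412 dst=203.0.113.45 action=allow",
    "2024-05-02T10:02:10Z host=srv-db01 dst=10.10.4.2 action=allow",
    "2024-05-02T10:03:30Z host=ws-0412 query=update-cdn.example",
    "2024-05-02T10:05:00Z host=lt-0099 dst=198.51.100.77 action=deny",
]

# Assumed CMDB lookup of asset -> owning team (step 4 needs an owner per ticket).
OWNERS = {"ws-0412": "workplace-it", "lt-0099": "workplace-it", "srv-db01": "dba"}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def extract_iocs(report):
    """Step 2: pull the indicators (IPs, domains, hashes) out of the report text."""
    text = report.lower()
    return set(IP_RE.findall(text)) | set(DOMAIN_RE.findall(text)) | set(SHA256_RE.findall(text))

def find_hits(iocs, events):
    """Step 3: match indicators as whole tokens, so that 10.10.4.2 in the
    indicator list does not silently match a 10.10.4.22 in the logs."""
    hits = defaultdict(set)
    for line in events:
        tokens = set(re.split(r"[\s=]+", line.lower()))
        host = re.search(r"host=(\S+)", line).group(1)
        for ioc in iocs & tokens:
            hits[host].add(ioc)
    return {host: sorted(found) for host, found in hits.items()}

def tickets_by_owner(hits):
    """Step 4: one ticket per owning team, listing its affected assets and indicators."""
    tickets = defaultdict(dict)
    for host, found in hits.items():
        tickets[OWNERS.get(host, "unassigned")][host] = found
    return dict(tickets)

def priority(hits):
    """Step 5: confirmed hits make the report high priority (bulletin material);
    with no hits the indicators only feed the SIEM watchlist (step 6)."""
    return "high" if hits else "watchlist-only"

if __name__ == "__main__":
    iocs = extract_iocs(BULLETIN)
    hits = find_hits(iocs, SIEM_EVENTS)
    print("indicators:", sorted(iocs))
    print("priority:", priority(hits))
    for owner, assets in tickets_by_owner(hits).items():
        print(f"ticket for {owner}: {assets}")
```

The indicator set that comes out of extract_iocs is also what step 6 would load into the SIEM as a watchlist use case, so the same parsing serves both the one-off search and the ongoing detection.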

Vulnerability Management Process

Vulnerability Management is the practice of identifying, classifying, remediating and
mitigating vulnerabilities.

[INPUT] 1. Receive scan results from the vulnerability scanning tool
2. Review and reassess the classification and validity of the vulnerabilities
3. Identify the owner of the system that has the vulnerabilities
4. Create a ticket for the owner containing the vulnerability information
5. Check whether the owner has patched the vulnerabilities
6. [OUTPUT] Closed ticket, with the vulnerabilities on the system patched
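The six steps above describe a ticket lifecycle driven by successive scans. The following is an added example written for this page (not IBM's or the original author's code) that runs that lifecycle over two constructed scanner exports: findings already verified as false positives (EXCEPTIONS) get no ticket, each new valid finding becomes a ticket for the host's owner from an assumed CMDB table (OWNERS), a finding that disappears from a rescanned host closes its ticket, and a finding that returns after closure reopens the ticket instead of creating a duplicate. The CVE identifiers are real published ones used only as sample input; the scores and hosts are constructed.

```python
from dataclasses import dataclass

# Constructed scanner exports: (host, CVE, CVSS score as the sample scanner reported it).
FIRST_SCAN = [
    ("web-01", "CVE-2021-44228", 10.0),
    ("web-01", "CVE-2014-0160", 7.5),
    ("db-01", "CVE-2014-0160", 7.5),
    ("app-02", "CVE-2017-0144", 8.1),
]
# Rescan a week later: web-01 was partly patched, app-02 was not in scope of the rescan.
RESCAN = [
    ("web-01", "CVE-2014-0160", 7.5),
    ("db-01", "CVE-2014-0160", 7.5),
]

# Assumed CMDB data: system owner per host (step 3).
OWNERS = {"web-01": "web-team", "db-01": "dba", "app-02": "app-team"}
# Assumed validity exceptions (step 2): findings already verified as false positives,
# e.g. a vendor backport that the scanner's version check does not recognise.
EXCEPTIONS = {("db-01", "CVE-2014-0160")}

SEVERITY_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.0, "low")]

def classify(score):
    """Step 2: map the CVSS score onto the ticket severity scale."""
    return next(label for floor, label in SEVERITY_BANDS if score >= floor)

@dataclass
class Ticket:
    host: str
    cve: str
    severity: str
    owner: str
    status: str = "open"

def process_scan(tickets, scan):
    """Steps 2-6 for one scan: close tickets whose finding disappeared from a host
    that was actually rescanned, open tickets for new valid findings, and reopen
    a closed ticket if its finding came back (a regression, not a new issue).
    Hosts absent from the scan are left untouched: no scan, no evidence of a patch."""
    scanned_hosts = {host for host, _, _ in scan}
    present = {(host, cve) for host, cve, _ in scan}
    for key, t in tickets.items():
        if t.host in scanned_hosts and key not in present and t.status != "closed":
            t.status = "closed"          # steps 5-6: owner patched it, verified by rescan
    for host, cve, score in scan:
        key = (host, cve)
        if key in EXCEPTIONS:
            continue                     # step 2: known false positive, no ticket
        t = tickets.get(key)
        if t is None:                    # steps 3-4: new finding -> ticket for the owner
            tickets[key] = Ticket(host, cve, classify(score), OWNERS.get(host, "unassigned"))
        elif t.status == "closed":
            t.status = "reopened"
    return tickets

def summary(tickets):
    """Status per host:CVE, e.g. for a weekly report to the owners."""
    return {f"{t.host}:{t.cve}": t.status for t in tickets.values()}

if __name__ == "__main__":
    tickets = process_scan({}, FIRST_SCAN)
    print("after first scan:", summary(tickets))
    process_scan(tickets, RESCAN)
    print("after rescan:", summary(tickets))
```

The check in step 5 is only meaningful for hosts the rescan actually covered; a ticket for a host that dropped out of scan scope stays open here rather than being closed on missing evidence, which is the failure mode that makes a vulnerability "disappear" from reports without ever being patched.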
