Know your requirements

The Gartner Group has long produced its Hype Cycle for IT technologies to show when technologies begin to offer practical benefits and become widely accepted. In 2006, Security Information and Event Management (SIEM) was located in the ‘Trough of Disillusionment’. This segment of the curve is supposed to represent a technology that has failed to meet expectations and become unfashionable, and that therefore receives less coverage in the press. Gartner predicted emergence into the ‘Slope of Enlightenment’ in 2-5 years.

What can you do to avoid disillusionment?
Three words — Know your requirements
The lack of this is the single largest reason for failure of IT projects.

Basic advice, you say? Amazing how basic advice is the hardest to follow.
Watch the ball, mind your footwork. That sort of thing.

The market is awash with product offerings, each with similar claims but different heritages, and usually optimized for different use cases. Selection criteria should be your own needs. Mature vendors dislike failed projects as much as the sponsors do because of the negative energy generated by the failure. Sharing your requirements sets expectations more accurately and therefore reduces the chances of energy-sapping failures.

Aside from the maturation of the technology itself, the other reason for the ‘trough’ is customer expectation and implementation methodology, which is usually outside vendor control. As SIEM comes into the mainstream, the basics apply more than ever. A mature customer with robust practices will get better results with new technology than those with poor habits get from well-established technologies.

As Sun Tzu said, “he who knows neither himself nor his enemy can never win, he who knows himself but does not know his enemy will sometimes win and sometimes lose, but he who knows himself and his enemy will never lose.”

– Ananth

The 5 W’s of Security Management

I’ve seen it happen about a thousand times if I’ve seen it once. A high-profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time. I see this more often in “squishy” projects like security management because success isn’t easily defined. It’s not like installing a web application firewall, which will be deemed a success if it blocks web attacks.