User:Jbuchanan 1/Evaluate an Article

Which article are you evaluating?
Security information and event management

Proactive cyber defence

Information assurance

Risk management framework

Why have you chosen this article to evaluate?
I chose to evaluate this article to see if there are relevant current issues on this page. There have been advances made on this topic and this page needs to be updated to reflect current literature.

Evaluate the article
Security Information and Event Management

The lead section currently only outlines the coining of the term and not what Security Information and Event Management (SIEM) does or is intended to do. There is no historical context or background on auditing, logging, or monitoring. No regulatory requirements are discussed anywhere in the article, and it mainly focuses on attacks that may not be relevant to SIEM. No policy is referenced in any aspect, even though the latest Presidential executive order requires this, as do previous FAR/DFAR/NIST 171, PCI-DSS, HIPAA, SOX, GDPR, etc. The architecture and components of a SIEM are not discussed in totality and need to encompass several solutions. Aspects of operating systems, including logging types, audit content, and what is auditable, have not been addressed in any capacity. The references by themselves are not bad; however, they fail to capture the totality of SIEM. I do not think this page is up to date – even if recent entries were made. A significant portion of data is missing from this article. This is not based on my opinion but on regulatory requirements: every regulatory risk management framework requires auditing, logging, and use of a SIEM. The explanation of how the system operates and functions in the context of other security components is completely lacking. There are alerting examples, but no context—this is essentially useless for anyone trying to use this page to learn anything. I would like to move forward with improvement of this article.

Proactive Cyber Defense

This page needs significant work, from the foundational topic through to red and blue team operations. Additionally, this page needs to stem from security operations, to include the use of SIEM (above), and ultimately a Risk Management Framework for requirements and governance. Proactive cyber defense is threat hunting and utilizing DevSecOps methodologies with defense in depth and zero trust. This work could spawn another five pages, at minimum.

Information Assurance

The information assurance page is lacking, and the sources need to be updated. This page looks like it was a copy-and-paste, without citations, from an industry certification study guide. Before I can understand the totality of problems with this page, I need to fully review the Risk Management Framework page, below.

Risk Management Framework

The risk management framework page references NIST, but there is no thorough explanation of how the NIST Special Publication series operates with regard to cybersecurity. Substantive updates and further research are needed. There are at least 20 core NIST SP documents pertaining to modern cybersecurity governance and RMF. I need to review further.