62 Security De-engineering
investigation. There is a snag though—because security teams do not
have an abundance of IT skills, they will not have been granted access
to IT resources such as computers and routers, so how can they do the
investigation themselves [and although some firms have deployed a log
correlation solution from the security information event management
(SIEM) product family, it is usually the IT or network operations
staff who have responsibility for the management and monitoring of
SIEM]?
To be fair, there are some security pros who do know something
about security incident management and investigation, and in firms
who are lucky enough to have such people on their books, you will
quite often see initial attempts by security ...