In the corporate world, there are usually two sides to an enterprise security program: security operations and investigations. They share a single goal – to make the business safer – but each is tasked with very different responsibilities in achieving that goal. Monitoring, data intake and initial response are the responsibilities of security operations, while the investigations side uses all the data and information that’s been gathered by operations to take appropriate investigative actions and liaise with law enforcement.
A critical component of protecting businesses and other organizations against incidents and the losses they cause is security information management. As with any other business management function, security management demands data-driven decisions, not only in order to work but also to be viewed as credible within the organization.