Part 1: Cyber Incident Response - SIEM With our experience, our education, or our position in the organization; we are often viewed as a contact to provide our information, knowledge, and recommendation on varying subjects. The megacorp calls this POINT OF VIEW (POV). The world of Information Technology is vast and touches all areas of an organization. The world of Information Security are just as vast, touch just as many areas, and has the added responsibility to secure the company from risk. The ability to provide a quick response, know our target audience, shape our message, and have an immediate impact in a short window of time is a skill we must develop and foster. The Week 6 exercise assignments simulate just that need 1. Title 2. Table of Contents Slide 3. Topics Definition Slide o Security Incident and Event Management (SIEM) o Operational Intelligence o Machine Learning / Machine Intelligence (think security like DarkTrace) Features Slide o What are the features of a SIEM (Think IBM QRadar or LogRhythm) o What are the features of Operational intelligence (think Splunk ... ignore that they call themselves a SIEM) Benefits Slide o Security Incident and Event Management (SIEM) (what can this do for the company's security operation?) o Operational Intelligence (what can this do for the company's business operation?) Selection Slide o Due to budget reasons, you must select either SIEM or Operational Intelligence Why have you made this selection? 4. Summary

Provide a slide that summarizes what you would like the audience to remember from your document or presentation. 5. Works Cited Page