Institute of Cyber Threat Management

SIEM Benchmarks (CTM-SIEM) Project

Security Information and Event Management benchmarks for Cyber Threat Management are a set of best practices benchmarks for SIEM used in conjunction with other CTM practices to effectively manage cyber threats.

The need for SIEM benchmarks

Despite being around for decades, SIEM is consistently one of the most underutilized technologies in the cyber threat manager’s toolbox. Whether organizations are using industry leading commercial tools, or using a collection of free open source tools, most struggle to squeeze the value out of SIEM.

Challenges with cyber threat management SIEM content

A key issue is that SIEM administrators have to rely on trial and error or past incident handling experience to develop effective cyber threat management content. While built in content ships with higher grade commercial SIEM packages, the content is not based on any industry standard vendor agnostic benchmarks.

Project Goals

SIEM is just a part of overall CTM however SIEM can enable some important capabilities and often existing SIEM assets are available to a cyber threat manager.  This is why we have launched the CTM-SIEM benchmarks project. CTM-SIEM will create multiple sets of benchmarks defining management, content development best practices as well as threat management use cases. These benchmarks define SIEM content consisting of rules and analytics for threat management to support CTM. The goal is to give cyber threat managers sets of benchmarks, allowing them to select the appropriate benchmarks for their threat environment.

Volunteer Opportunities

We are excited to be developing the world’s first independent benchmarks for SIEM and this is a trueground floor opportunity for experienced professionals to take part in the success of IOCTM. We are looking to add industry professionals with demonstrated expertise in major subject matter areas of SIEM including:

  • Developing and creating technology benchmarks, baselines or similar
  • Methodologies for selecting, running and tracking metrics on SIEM use cases
  • Interfacing SIEM with Intelligence data
  • SIEM for situational awareness
  • Integrating SIEM with Incidents Response and/or SOC procedures
  • Integrating Bigdata analytics into real-time SIEM use cases
  • SIEM metrics

We are currently forming the CTM-SIEM working group. Please join us if you'd like to get involved or access related content.

Email: memberadmin at

Privacy and Security

Copyright © 2015 IOCTM, Inc. All rights reserved.

Powered by Wild Apricot. Try our all-in-one platform for easy membership management