Security Level Management (SLM) is a system for transparently displaying the security level of each individual IT system in the network at all times. This capability makes IT security a measurable and manageable factor that significantly improves quality assurance.
Security Level Management supports the requirements of the PCI-DSS standard for data security in credit card use as well as the audit phase of the information security management system according to ISO 27001. Continuous improvement of IT security is only possible if the Chief Security Officer (CSO) and the security staff can monitor the security functions and intervene in case of deviations from target specifications. With such a strategic management system, the individual security levels can be monitored and control functions can be triggered.
Security Level Management (SLM) is directly related to Security Information and Event Management (SIEM), which in turn combines Security Information Management (SIM) and Security Event Management (SEM). While SIEM is concerned with real-time analysis of security alerts, SIM monitors the network in real time and examines it for critical events. In SLM, enterprise security policies are implemented in the operational IT infrastructure and form the targets for the Security Levels (SL). The security levels are constantly checked against the security performance of the protection systems.
SLM is based on the PDCA cycle according to ISO 27001.