M4Q4

Sensor

Agent

Collector

Log

Normalization

Risk assessment

Vulnerability Scanning

Real-time monitoring

Encryption

Timestamping

Digital Signing

Hashing

Forward the security alert

Implement individual solutions

Fail to understand the threat

Use this information to launch attacks

Detect, analyze and report

Collect, analyze and report

Detect, analyze and respond

Collect, analyze and respond

Conduct lessons learned sessions

Alert key individuals

Identify and assess incidents

Assign responsibility

Risk

Budget

Quality

Top management

Plan, prepare and respond

Prepare, Respond, and follow up

Plan, prepare and follow up

Prepare, plan and respond

Block the event

Remove the event

Reduce the impact

Rise the event

Correlating the log

Live Correlating the log

Collecting the log

Analyzing the log