Commit ea21fe4f authored by Santeri Toikka

General contributions from the meeting

parent 556e74f9
+28 −1
@@ -312,7 +312,7 @@ For each SIEM system placed on the market, the manufacturer shall develop a thre
<mark>How well the admin knows the company?</mark>

#### 4.5.1.4 SIEM System Deployment Isolation
**[ISO]**
**[ISO]**: 

* ISO-0 SIEM system is hosted and managed on dedicated server or servers
* ISO-1 SIEM system is managed and hosted on server shared with other systems
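
Review bot: the replacement line `**[ISO]**: ` ends in a colon followed by a trailing space, with nothing after it before the blank line and the ISO-0/ISO-1 list. Either put the introductory text for the isolation levels on that line or drop the colon, and remove the trailing whitespace.
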
@@ -495,6 +495,29 @@ _List any related ETSI standards and how they interact with the present document
* Configuration
* Product of analysis

- List of scrape clients
- Device inventory
- Contact information SIEM process management
- Raports of all sorts
- Alerting configuratoin
- Report generation configuration
- Integration configuration
- Log data
- ETL worklflow configuration
- Trained models
- Data composition table <mark>fixme</mark>
- PII data in logs or ingested sources
- Confindential busines information in the sources
- Cryptographic keys
- Authentication related secrets (tokens, keys)


- Raports of all sorts
- Concept of administrator
- RBAC

<mark>Where does CSXX, working function (val knows)</mark>

### C.1.2 Product functions

_See the functions in Section 4.7._
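
Review bot: `- Raports of all sorts` is added twice in this list (once near the top, once after the two blank lines), and the second group also adds `Concept of administrator` and `RBAC`, which read as concepts or controls rather than items of the same kind as the entries above them. Drop the duplicate and either move those two to where they belong or mark them as open items. The new entries use `-` while the context lines above use `*`, and several are misspelled (Raports, configuratoin, worklflow, Confindential busines). The `<mark>fixme</mark>` on the data composition table and the `<mark>Where does CSXX ...</mark>` line should be resolved or tracked before this leaves draft.
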
@@ -536,6 +559,10 @@ _Guidance from latest PT1 draft:_

> _NOTE 3 A quantitative estimation of the cybersecurity risks can be performed using scoring systems that map qualitative categories of the likelihood of occurrence and qualitative categories of magnitude of loss or disruption to certain values._

- Compromised system results to discoverability of bad actors
- Information leacage from the filenames?


# Annex D (informative): Risk evaluation guidance

## D.1 Mapping of risks to requirements
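
Review bot: the two added bullets sit directly after the quoted NOTE 3 and immediately before the Annex D heading, with no heading or lead-in, so it is unclear which clause they belong to. `Compromised system results to discoverability of bad actors` does not say who discovers what; state the risk as a cause and a consequence. `Information leacage from the filenames?` has a typo (leakage) and is still phrased as a question; if it is an open item, wrap it in `<mark>` like the other open points in this document.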