A government contractor is required to comply with the Federal Information Security Management Act (FISMA). The security officer must implement a continuous monitoring program for all information systems. The contractor uses a mix of on-premises servers and cloud services. The contractor has a SIEM tool that collects logs from all systems. However, the SIEM generates a high number of alerts, many of which are false positives, overwhelming the security team. The team wants to improve the effectiveness of the monitoring program without increasing staff. Which of the following actions would MOST effectively address the issue?
Tuning the SIEM's correlation rules to reduce false positives. This directly reduces alert fatigue and improves the team's efficiency without adding headcount.
Why this answer
Tuning the SIEM correlation rules (raising thresholds, suppressing known-benign sources such as authorized scanners, and aggregating duplicate events into a single alert) makes each alert more actionable and lets the existing team focus on real incidents, which is what a FISMA continuous monitoring program needs to be effective. The tuning should be validated against known-bad sample events so that genuine detections are not suppressed along with the noise. Option B increases noise; C is expensive and time-consuming; D reduces visibility.
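The following is an added illustration, not part of the original question or any vendor's SIEM: it runs an untuned rule (one alert per failed login) and a tuned correlation rule (threshold within a sliding window, an allowlist for a known scanner, and suppression of repeat alerts) over a constructed set of authentication events. The IP addresses, usernames, timestamps and the assumption that 10.0.0.50 is an authorized vulnerability scanner are all made up for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _make_events():
    """Constructed sample authentication events; not from any real SIEM."""
    events = [
        # One mistyped password followed by a successful login: benign.
        {"ts": "2024-03-01T10:00:00", "src": "10.0.0.5", "user": "alice", "result": "fail"},
        {"ts": "2024-03-01T10:00:05", "src": "10.0.0.5", "user": "alice", "result": "success"},
    ]
    # Six failures in five seconds against one account: worth an analyst's time.
    events += [
        {"ts": f"2024-03-01T10:01:0{i}", "src": "10.0.0.9", "user": "bob", "result": "fail"}
        for i in range(6)
    ]
    # Assumed authorized vulnerability scanner that fails logins routinely.
    events += [
        {"ts": f"2024-03-01T10:02:{i:02d}", "src": "10.0.0.50", "user": "svc", "result": "fail"}
        for i in range(10)
    ]
    return events


EVENTS = _make_events()


def naive_rule(events):
    """Untuned correlation: every failed login becomes its own alert."""
    return [
        {"src": e["src"], "user": e["user"], "ts": e["ts"]}
        for e in events
        if e["result"] == "fail"
    ]


def tuned_rule(events, threshold=5, window=timedelta(seconds=60),
               allowlist=frozenset({"10.0.0.50"})):
    """Tuned correlation: raise one alert per source when `threshold`
    failures fall inside a sliding `window`, skip allowlisted sources,
    and suppress further alerts from that source for one window."""
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    suppressed_until = {}         # src -> no new alert before this time
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["result"] != "fail" or e["src"] in allowlist:
            continue
        ts = datetime.fromisoformat(e["ts"])
        q = recent[e["src"]]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that aged out of the window
            q.popleft()
        if len(q) < threshold:
            continue
        if ts < suppressed_until.get(e["src"], ts):   # still inside the suppression period
            continue
        suppressed_until[e["src"]] = ts + window
        alerts.append({
            "src": e["src"],
            "user": e["user"],
            "count": len(q),
            "first_seen": q[0].isoformat(),
            "last_seen": ts.isoformat(),
        })
    return alerts


if __name__ == "__main__":
    before, after = naive_rule(EVENTS), tuned_rule(EVENTS)
    print(f"untuned: {len(before)} alerts, tuned: {len(after)} alerts")
    for a in after:
        print(a)
```

Running it turns 17 raw alerts into a single alert for 10.0.0.9, with the count and time span an analyst needs to triage it. Passing `allowlist=frozenset()` shows why the allowlist must be maintained deliberately: the scanner then produces its own alert every window, and the noise returns.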