- To introduce the most effective practices for establishing a Security Operation Control Center (SOCC), it is first important to define SOCC. Security Operation Control Center is “a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture” (McAfee, 2020).
- The role of the Security Operation Center is to prevent, detect, and respond (if needed) to cybersecurity threats. Security operations teams are, therefore, tasked with coordinating the efforts of different departments to protect the organization’s assets, which often include intellectual property, confidential information, and business intelligence.
- Key functions performed by the SOCC include preventative maintenance, proactive monitoring, ranking of threats, incident response, remediation, root cause investigation, as well as compliance management.
- The SOCC utilizes a company’s IT infrastructure, including its online networks, appliances, and various devices as a way of collecting data from diverse sources.
- The Security Information and Event Management (SIEM) system collects and correlates data from security feeds; the results are then forwarded to intrusion prevention systems (IPS), threat intelligence platforms (TIP), or other systems.
- When it comes to the SOCC’s role in the incident response process, it involves five stages, including preparation, detection, containment, eradication, and recovery.
- The first practice that should be implemented at Sifers-Grayson is the establishment of a system for data extraction and correlation (from both internal and external feeds). It allows the company to be prepared for possible cybersecurity breaches through the assessment of potential risks.
- The aforementioned practice implies the implementation of an automated system such as SIEM.
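The data extraction and correlation described in the two points above is what a SIEM rule engine does at its core. The following is an added illustration, not code from the original outline or from any SIEM product: it parses a constructed internal SSH authentication log, combines it with a constructed external threat-intelligence list of known-bad IPs, and correlates the two into alerts (a burst of failed logins followed by a success, and any activity from a listed IP). The log lines, the IP addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed internal feed (not real data): an SSH authentication log.
AUTH_LOG = """\
2024-03-01T10:00:01 sshd[1]: Failed password for admin from 203.0.113.7 port 5001
2024-03-01T10:00:05 sshd[1]: Failed password for admin from 203.0.113.7 port 5002
2024-03-01T10:00:09 sshd[1]: Failed password for admin from 203.0.113.7 port 5003
2024-03-01T10:00:12 sshd[1]: Accepted password for admin from 203.0.113.7 port 5004
2024-03-01T10:05:00 sshd[1]: Failed password for bob from 10.0.0.5 port 6000
2024-03-01T10:30:00 sshd[1]: Accepted password for alice from 198.51.100.9 port 7000
"""

# Constructed external feed: IPs reported by a threat-intelligence source.
THREAT_INTEL = {"198.51.100.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse_auth_log(text):
    """Extract structured events from raw log lines; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def correlate(events, threat_intel, fail_threshold=3, window=timedelta(minutes=5)):
    """Correlate events across feeds and emit alerts in chronological order."""
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of recent failures
    flagged_ti_ips = set()         # avoid one alert per event for the same bad IP

    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
            # keep only failures inside the sliding window
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= window]
        else:
            recent = [t for t in failures[ip] if ev["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "brute_force_success", "ip": ip,
                               "user": ev["user"], "ts": ev["ts"]})
                failures[ip].clear()

        # cross-feed correlation: internal activity from an externally reported IP
        if ip in threat_intel and ip not in flagged_ti_ips:
            flagged_ti_ips.add(ip)
            alerts.append({"rule": "activity_from_known_bad_ip", "ip": ip,
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_auth_log(AUTH_LOG), THREAT_INTEL):
        print(alert)
```

The sliding window and the threshold are the tunable parts of such a rule; a real deployment would also normalise timestamps to UTC and handle feeds in other formats, which this example deliberately leaves out.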
- The second practice proposed to Sifers-Grayson is to involve competent staff in the establishment of the SOCC. Highly trained personnel should consist of SOC managers, incident responders, SOCC analysts (who may operate on different levels), forensic investigators, threat hunters, compliance auditors, etc. (McAfee, 2020).
- It is important to note that even exceptionally qualified technicians need advanced technological equipment to perform their functions successfully. Security analysts, investigators, and other team members require antivirus software, intrusion prevention and detection systems, as well as VPNs.
- The third practice is also related to the preparation efforts of the SOCC. It implies the education of users regarding the process of identifying and reporting threats. Thus, Sifers-Grayson must develop efficient communication channels to inform users of the applicable guidelines in case their machines come under threat.
- The main task of the SOCC is to prevent incidents from doing any harm to the infrastructure of the company in the first place. To establish an efficient security control center, technicians need to be trained to detect potential threats.
- Detection requires Sifers-Grayson to establish threat-modeling frameworks, which would help the staff to determine whether an incident detected is a threat for the company. This allows the organization “to add context and make the information valuable and actionable for more precise, accurate, and speedy assessment throughout the iterative and interactive threat management effort” (McAfee, 2020).
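The point above is that a detection on its own is not yet a ranked threat; the SOCC adds context before deciding. As an added example (not code from the outline or from any cited source), the block below enriches alerts of the kind a SIEM emits with constructed context, namely asset criticality, approved administrative source ranges and a threat-intelligence list, and turns them into a ranked triage list with a verdict. The alert records, the scoring weights and the thresholds are assumptions chosen for illustration.

```python
import ipaddress

# Constructed context sources (assumptions for the example, not the page's data).
ASSET_CRITICALITY = {"build-server-01": 5, "dev-laptop-17": 2}   # 1 (low) .. 5 (high)
APPROVED_ADMIN_RANGES = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_BAD_IPS = {"198.51.100.9"}

# Constructed alerts as a SIEM correlation stage might hand them over.
SAMPLE_ALERTS = [
    {"rule": "brute_force_success", "host": "build-server-01", "src_ip": "203.0.113.7"},
    {"rule": "failed_login_burst", "host": "build-server-01", "src_ip": "10.0.0.5"},
    {"rule": "failed_login_burst", "host": "dev-laptop-17", "src_ip": "10.0.0.5"},
]


def enrich(alert):
    """Attach the context a threat-modeling framework asks for before judging an alert."""
    src = ipaddress.ip_address(alert["src_ip"])
    return {
        **alert,
        "asset_criticality": ASSET_CRITICALITY.get(alert["host"], 3),  # unknown host: medium
        "from_approved_range": any(src in net for net in APPROVED_ADMIN_RANGES),
        "src_in_threat_intel": alert["src_ip"] in KNOWN_BAD_IPS,
    }


def rank(enriched):
    """Score an enriched alert and map the score to a triage verdict."""
    score = enriched["asset_criticality"] * 10
    if enriched["src_in_threat_intel"]:
        score += 40
    if not enriched["from_approved_range"]:
        score += 20
    if enriched["rule"] == "brute_force_success":
        score += 30
    if score >= 80:
        verdict = "threat"
    elif score >= 50:
        verdict = "review"
    else:
        verdict = "benign"
    return score, verdict


def triage(alerts):
    """Return alerts ordered by priority, highest score first."""
    ranked = [(rank(enrich(a)), a) for a in alerts]
    ranked.sort(key=lambda item: item[0][0], reverse=True)
    return [{"rule": a["rule"], "host": a["host"], "src_ip": a["src_ip"],
             "score": score, "verdict": verdict}
            for (score, verdict), a in ranked]


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(row)
```

The same failed-login burst lands in different queues depending on which asset it touches, which is exactly the "context" the quotation refers to; the weights themselves would be set from the organisation's own risk assessment.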
- Incident management is “necessary for rapidly detecting IS incidents, minimizing loss and destruction, mitigating the vulnerabilities that were exploited and restoring the Internet of Things infrastructure (IoT), including its IT services” (Miloslavskaya, 2016).
- The elimination of a threat should be followed by setting up back-ups to ensure networks can be safely accessed after re-configuration (Cassetto, 2019).
- Whenever considering whether the practices will be effective or not, Sifers-Grayson needs to focus on the end goal of ensuring all bases are covered, including firewalls, threat scanners, automated application security, and investigative solutions.
References
Cassetto, O. (2019). How to build a security operations center for small companies. Web.
McAfee (2020). What is a security operations center (SOC)? Web.
Miloslavskaya, N. (2016). Security operations centers for information security incident management. 2016 IEEE 4th International Conference on Future Internet of Things and Cloud. IEEE. Web.