budget), setting up an operations centre supported by multiple monitoring technologies and real-time threat updates. You
may doubt that you will have enough full-time, skilled team members to implement and manage these different tools on
an ongoing basis. That is why it is essential to look for ways to simplify and unify security monitoring, so that both the SOC
processes and the team are used effectively.
A SOC is a centralised unit in an organisation that deals with security issues on both an organisational and a technical level. A
Security Operations Center within a building or facility is a central location from which staff supervise the site using data
processing technology. An information security operations centre (or "SOC") is a location where enterprise information
systems are centrally monitored.
Defined and documented Security Operations Center (SOC) guideline which includes all the necessary roles and
responsibilities to be undertaken by the SOC.
Clearly defined escalation paths to investigate, analyse and elevate alerts and events to the appropriate incident response
teams.
Tools to detect and monitor computer security alerts (e.g. alerts, thresholds, aggregation)
Network diagram
Cryptographic Hashes
Roles and responsibilities of the SOC team are defined based on the capabilities.
Regular training sessions for the SOC team for continuous skill enhancement and to keep up to date with threats and
attacks
Enterprise-wide data collection, aggregation, detection, analytic and management solutions required by the SOC are
defined.
Monitoring
Monitoring of various sources to facilitate enforcement of the CIS Top 20 Critical Security Controls
Information Technology systems, such as applications, servers, routers, switches and workstations, shall be monitored
by the SOC
Information Security systems, such as firewalls, antivirus, intrusion detection and identity management, shall be
monitored by the SOC
Functional Components
Monitor
Respond
Assess
Log Collection
Information Technology devices such as networks, network devices and systems, servers, etc.
Logs shall be kept on the system for at least three months; beyond that, the logs are archived for one year.
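The retention rule above (three months on the live system, then a year in the archive) is easy to state and easy to get wrong in practice, so here is an added example that is not part of the original guideline: a small Python helper that classifies each log file by age, moves files past the online window into an archive directory and purges archived files whose year has expired. The 90- and 365-day thresholds follow the guideline text; the directory layout, the file names and the reading that the archive year starts when a file leaves the live system are assumptions.

```python
"""Log retention helper (added example, not part of the SOC guideline).

Enforces: logs stay on the live system for at least three months, then are
archived for one year. Assumption (the guideline wording is ambiguous): the
archive year starts when a file leaves the live system, so a file is purged
when it reaches ONLINE_DAYS + ARCHIVE_DAYS of age.
"""
import shutil
from datetime import datetime, timedelta
from pathlib import Path
from typing import Dict, Optional

ONLINE_DAYS = 90     # guideline: at least three months kept on the system
ARCHIVE_DAYS = 365   # guideline: archived for one year


def classify(age_days: int) -> str:
    """Decide what to do with a log that is age_days old: keep, archive or purge."""
    if age_days < ONLINE_DAYS:
        return "keep"
    if age_days < ONLINE_DAYS + ARCHIVE_DAYS:
        return "archive"
    return "purge"


def plan_retention(logs: Dict[str, datetime], now: datetime) -> Dict[str, str]:
    """Map each log name to an action, given a {name: last_write_time} dict."""
    return {name: classify((now - written).days) for name, written in logs.items()}


def apply_retention(live_dir: Path, archive_dir: Path,
                    now: Optional[datetime] = None) -> Dict[str, str]:
    """Walk live_dir and archive_dir, moving or deleting files per the plan.

    Returns the plan that was applied so the caller can record it: a log of
    what was archived or purged is itself evidence the retention rule is kept.
    """
    now = now or datetime.now()
    archive_dir.mkdir(parents=True, exist_ok=True)
    applied: Dict[str, str] = {}
    for path in list(live_dir.iterdir()) + list(archive_dir.iterdir()):
        if not path.is_file():
            continue
        written = datetime.fromtimestamp(path.stat().st_mtime)
        action = classify((now - written).days)
        if action == "archive" and path.parent == live_dir:
            shutil.move(str(path), str(archive_dir / path.name))
        elif action == "purge":
            path.unlink()
        applied[path.name] = action
    return applied


def sample_plan() -> Dict[str, str]:
    """Run the planner over a constructed sample: three logs of different ages
    checked against a fixed date (file names and dates are made up)."""
    today = datetime(2024, 6, 1)
    sample = {
        "auth-2024-05-20.log": today - timedelta(days=12),    # within 90 days
        "auth-2024-01-10.log": today - timedelta(days=143),   # past 90, under 455
        "auth-2022-11-01.log": today - timedelta(days=578),   # past 455 days
    }
    return plan_retention(sample, today)


if __name__ == "__main__":
    for name, action in sample_plan().items():
        print(f"{name}: {action}")
```

In production the planner would run from a scheduled job against the real log and archive directories, and the returned plan would be written to the SOC's own audit log so that every archive or purge decision can be shown to an auditor.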
Tier 2 Analyst
Identifies the root cause of the incident and advises on its remediation
SOC/Infosec Manager
Develops a workflow model and implements standardised operating procedures (SOPs) for effective incident
management
Manages resources, including personnel, budget, shift scheduling and technology strategy, to meet the SLA
Communicates identified weaknesses to management
SOC Architecture
Data Architecture
Backup of configurations