581 words, 2.2 minutes read. By Gerard Blokdyk
Security Operations Center 1 big thing: Deliver cyber intelligence services and material to information technology and business leaders.
The big picture: Administer and maintain security systems in the cyber security operations center (CSOC) technology stack, including the security information and event management (SIEM) environment; OT and IT network intrusion detection systems (IDS); the endpoint detection and response (EDR) tool; security orchestration, automation, and response (SOAR); the cyber threat intelligence platform (TIP); and full packet capture (PCAP) servers across your service territory.
Why it matters: Develop experience working with information security teams such as fusion centers, security operations centers, vulnerability assessment, vulnerability threat management, security incident management, cyber hunt, and big data analysis.
How it works: Ensure that your process is responsible for detection capabilities, including log management (SIEM), continuous monitoring (network security monitoring), threat hunting, penetration testing, vulnerability scanning, web application scanning, data loss prevention, the security operations center, and threat intelligence.
Top thinkers are using The Art of Service Critical Capabilities Analysis, the Kanban that’s helping leaders stay ahead of what’s next.
This Kanban will help you plan your roadmap.
BENEFITS:
The Critical Capabilities and Priorities Kanban enables leaders to shortlist out of 2545 appropriate results, already prioritized to:
- Control who has access to your data once it leaves your data center.
- Know if an MSSP has the technology resources to meet your security needs.
- Test and monitor the security of your services and data in the cloud.
- Prevent a change from causing any outage, and know whether other systems will be impacted, whether reboots will be caused, and whether there is a downstream impact to users.
- Provide metrics, such as information about threats that have been blocked.
- Consider how the cyber threat resulting from the digital transformation will change Swiss Post.
- Manage EU GDPR compliance if you cannot identify where your personal data is stored.
- Evaluate and optimize your data collection capability.
- Purge data in a secure fashion.
- Physically protect your data centers from intruders.
Be smart: Develop trend analysis and response processes and reporting for all areas of the Cyber Security Operations Center (Cyber Defense and Intelligence Center, Forensic Security and Investigations, Technology Operations and Incident Response).
What they're saying: "Develop experience working in a Security Operations Center (SOC), Managed Security Service (MSS), Incident Response, or other enterprise network environment.", Colin R. - Senior Cloud Security Analyst
Under the hood: Work in collaboration with the (internal) customer and the SOC lead in overseeing and enhancing Security Operations Center incident response and investigations operations.
What to watch: Invest in the development of processes and procedures to improve security operations functions, incident response times, analysis of incidents, and overall SOC functions.
Go deeper: Make sure the Tier 1 SOC Analysts support a 24/7/365 Security Operations Center, monitor security tools, and provide first-tier response to security incidents.
Between the lines: Ensure your staff works closely with SOC Analysts to conduct vulnerability assessments and monitor systems, network, databases and Web for potential system breaches; responds to alerts from information security tools, reports, investigates and resolves security incidents; educates and communicates security requirements and procedures to all users and new employees; prevents unauthorized access; ensures compliance with regulations and privacy laws and may oversee internal or external systems security (i.
On the flip side: Ensure that your company is involved in Security Event and Incident Management (SEIM), Security Operations Center (SOC), endpoint protection, log aggregators, zero trust, and network security processes and tools.
The bottom line: Work closely with the Cyber Security Operations Center (CSOC) team, which manages security incident investigations, to ensure all relevant stakeholders and compliance functions are appropriately involved and informed of events and progress.
What's next: Interface so that your workforce assists with performing engineering support and system administration of specialized cybersecurity applications, systems and networks in a Cyber Security Operations Center (CSOC) environment, to include installation, configuration, maintenance, patching, and back-up/restore.
ICYMI: Ensure your strategy covers the relevant areas of compliance (GLBA, SOC II, information security models and risk assessments, IT audits, vendor management, data breach, and incident management).