Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Building an Intelligence-Driven Security Operations CenterEMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
As businesses continue to adopt new cloud and mobile functionality rapidly, we find the
edges of the network even more blurred, and our definitions of data ownership and breach
responsibility continue to evolve. Staffing and training continue to be the foremost challenge
of the modern SOC. This is paving the way to hybrid staffing models and hybrid infrastructures
that require less in-house expertise. As a result, highly skilled security team members can then
be utilized for a more specialized hunt and analytics-focused work.
There is no question this year has been both an exciting and challenging time to be in the field
of cyber security. On one hand, it is disheartening to see the continued decline in the maturity
and effectiveness of security operations, while, on the other, I know that we are in the middle
of an exciting and transformative change in our field. You can feel it. We must go where the
data leads us, and we believe that is to widen our definition of security operations to leverage
analytics, data science, Big Data, and shared intelligence to become more effective in protecting
today’s digital enterprise.
Building an Intelligence-Driven Security Operations CenterEMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
As businesses continue to adopt new cloud and mobile functionality rapidly, we find the
edges of the network even more blurred, and our definitions of data ownership and breach
responsibility continue to evolve. Staffing and training continue to be the foremost challenge
of the modern SOC. This is paving the way to hybrid staffing models and hybrid infrastructures
that require less in-house expertise. As a result, highly skilled security team members can then
be utilized for a more specialized hunt and analytics-focused work.
There is no question this year has been both an exciting and challenging time to be in the field
of cyber security. On one hand, it is disheartening to see the continued decline in the maturity
and effectiveness of security operations, while, on the other, I know that we are in the middle
of an exciting and transformative change in our field. You can feel it. We must go where the
data leads us, and we believe that is to widen our definition of security operations to leverage
analytics, data science, Big Data, and shared intelligence to become more effective in protecting
today’s digital enterprise.
Companies are looking forward for single Operation center for entire IT stack, This preso summarize the design components for ESOC which will cater entire IT infrastructure and application stack from a single facility.
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurAlan Yau Ti Dun
"Like any information security processes, there should be an adequate and"
"reasonable level of assurance for cyber security, which completes the security perspective when combined with governance and management processes. Cyber security assurance requires a comprehensive set of controls that covers risk as well as management processes."
"These controls are supported by appropriate metrics and indicators for"
"security goals and factual security risk. This session will share the cybesecurity self assessment program in carrying out an audit or self- assessment review on cyber security controls and practices in a typical organisation. This assurance program will leverage on COBIT 5 framework"
"and COBIT 5 for Information Security as a baseline."
What's Next : A Trillion Event Logs, A Million Security ThreatAlan Yau Ti Dun
The Challenge For Log Analysis
Log Management vs SIEM vs NextGen SIEM
Security Analytic + Storage + Actionable Intelligence
NexGen Security Operation Center For Smart Cities
#Course description
Critical Infrastructure Protection (CIP) NERC training course will show you the CIP measures created by Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) and will assist you with understanding the prerequisites for work force and training, physical security of Bulk Electric Systems (BES) cybersecurity and data protection.
NERC is resolved to ensure the BES against cybersecurity bargains prompting unsteadiness. Another progress started in 2014 with a specific end goal to move from CIP variant 3 guidelines to CIP rendition 5. The objective is to enhance the specialized security necessities for BES and desires for consistence and requirement.
#Audience
Critical Infrastructure Protection (CIP) NERC training is a 2-day course designed for:
IT and ICS cybersecurity personnel
Field support personnel and security operators
Auditors, vendors and team leaders
All individuals who need to understand the Critical Infrastructure Protection (CIP) NERC concepts
Electric utility engineers working in electric industry security
System personnel worried about NERC standard for system security
System operators and individuals in electric utility organizations
Independent system operator personnel working with utility companies
Electric utility personnel who recently started career involved with Critical Infrastructure Protection (CIP) NERC standards.
Technicians, operators, and maintenance personnel who are or will be working at electric utility companies.
Investors and contractors who plan to make investments in electric industry considering security standards.
Managers, accountants, and executives of electric industry.
#Training Objectives
Understand the new terms and revised definitions of CIP NERC standard
Learn about Cyber asset categories
Apply gap analysis with new standards applications
Recognize the role FERC and NERC on CIP
Determine the requirements to implement strategies for CIP
Apply CIP requirements to balance cybersecurity benefits and regulatory compliances
Understand how the electric sector regulatory structure fit into the reliability standards
Explore BES cyber asset identification to protect grids
Learn about common physical controls and monitoring schemes in CIP
Understand the system security management requirements and compliance challenges
Apply vulnerability assessment for ensuring the stable operation of system
Apply methods in order to identify, classify and response to each incident in CIP
Call us today at +1-972-665-9786. Learn more about this course audience, objectives, outlines, seminars, pricing , any other information. Visit our website link below.
Learn more about Critical Infrastructure Protection (CIP) NERC Training
https://www.tonex.com/training-courses/critical-infrastructure-protection-cip-nerc-training/
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
When weighing options for increasing enterprise computing capabilities or seeking ways
to improve IT operational efficiency, the prevailing method is to integrate an external IT
services vendor, commonly referred to as a cloud service provider (CSP). There is a
high probability that audit clients will engage this CSP service to manage their IT needs.
Learn how to cope with the audit and risk assessment challenges related to this
emerging technology trend in this key session.
•Understanding the various Cloud Service Levels and Implementation Types
•Identifying Compliance, Service Level Agreement and other Important Duties each
party must perform
•Understand the Complexities of Auditing internal controls, data security, privacy and
performancerelated to cloud
•Mitigating the underlying Business Risks associated with adopting a cloud-based IT model
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...Brian Andrzejewski
Security Operation Centers (SOCs) are the front line for incident detection, response, and escalation for organizations. Few security teams evaluate their SOC's tools, techniques and procedures (TTPs) are working to their expected SOC response - even fewer on live networks with their CISO's approval.
This HOWTO talk for security teams will cover a crawl/walk/run approach to build and execute live fire incidents to target your SOC's TTP abilities to detect, respond, and escalate. Techniques, lessons learned, and WAR stories will be discussed to how to select your exercises, determine expected outcomes, methods to measure results, coordinate for CISO sign off, and how to report lessons learned to improve your SOC's TTP response.
BSidesCharm 2018 video at:
https://www.youtube.com/watch?v=tXwHr4sycew
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Companies are looking forward for single Operation center for entire IT stack, This preso summarize the design components for ESOC which will cater entire IT infrastructure and application stack from a single facility.
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurAlan Yau Ti Dun
"Like any information security processes, there should be an adequate and"
"reasonable level of assurance for cyber security, which completes the security perspective when combined with governance and management processes. Cyber security assurance requires a comprehensive set of controls that covers risk as well as management processes."
"These controls are supported by appropriate metrics and indicators for"
"security goals and factual security risk. This session will share the cybesecurity self assessment program in carrying out an audit or self- assessment review on cyber security controls and practices in a typical organisation. This assurance program will leverage on COBIT 5 framework"
"and COBIT 5 for Information Security as a baseline."
What's Next : A Trillion Event Logs, A Million Security ThreatAlan Yau Ti Dun
The Challenge For Log Analysis
Log Management vs SIEM vs NextGen SIEM
Security Analytic + Storage + Actionable Intelligence
NexGen Security Operation Center For Smart Cities
#Course description
Critical Infrastructure Protection (CIP) NERC training course will show you the CIP measures created by Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) and will assist you with understanding the prerequisites for work force and training, physical security of Bulk Electric Systems (BES) cybersecurity and data protection.
NERC is resolved to ensure the BES against cybersecurity bargains prompting unsteadiness. Another progress started in 2014 with a specific end goal to move from CIP variant 3 guidelines to CIP rendition 5. The objective is to enhance the specialized security necessities for BES and desires for consistence and requirement.
#Audience
Critical Infrastructure Protection (CIP) NERC training is a 2-day course designed for:
IT and ICS cybersecurity personnel
Field support personnel and security operators
Auditors, vendors and team leaders
All individuals who need to understand the Critical Infrastructure Protection (CIP) NERC concepts
Electric utility engineers working in electric industry security
System personnel worried about NERC standard for system security
System operators and individuals in electric utility organizations
Independent system operator personnel working with utility companies
Electric utility personnel who recently started career involved with Critical Infrastructure Protection (CIP) NERC standards.
Technicians, operators, and maintenance personnel who are or will be working at electric utility companies.
Investors and contractors who plan to make investments in electric industry considering security standards.
Managers, accountants, and executives of electric industry.
#Training Objectives
Understand the new terms and revised definitions of CIP NERC standard
Learn about Cyber asset categories
Apply gap analysis with new standards applications
Recognize the role FERC and NERC on CIP
Determine the requirements to implement strategies for CIP
Apply CIP requirements to balance cybersecurity benefits and regulatory compliances
Understand how the electric sector regulatory structure fit into the reliability standards
Explore BES cyber asset identification to protect grids
Learn about common physical controls and monitoring schemes in CIP
Understand the system security management requirements and compliance challenges
Apply vulnerability assessment for ensuring the stable operation of system
Apply methods in order to identify, classify and response to each incident in CIP
Call us today at +1-972-665-9786. Learn more about this course audience, objectives, outlines, seminars, pricing , any other information. Visit our website link below.
Learn more about Critical Infrastructure Protection (CIP) NERC Training
https://www.tonex.com/training-courses/critical-infrastructure-protection-cip-nerc-training/
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
When weighing options for increasing enterprise computing capabilities or seeking ways
to improve IT operational efficiency, the prevailing method is to integrate an external IT
services vendor, commonly referred to as a cloud service provider (CSP). There is a
high probability that audit clients will engage this CSP service to manage their IT needs.
Learn how to cope with the audit and risk assessment challenges related to this
emerging technology trend in this key session.
•Understanding the various Cloud Service Levels and Implementation Types
•Identifying Compliance, Service Level Agreement and other Important Duties each
party must perform
•Understand the Complexities of Auditing internal controls, data security, privacy and
performancerelated to cloud
•Mitigating the underlying Business Risks associated with adopting a cloud-based IT model
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...Brian Andrzejewski
Security Operation Centers (SOCs) are the front line for incident detection, response, and escalation for organizations. Few security teams evaluate their SOC's tools, techniques and procedures (TTPs) are working to their expected SOC response - even fewer on live networks with their CISO's approval.
This HOWTO talk for security teams will cover a crawl/walk/run approach to build and execute live fire incidents to target your SOC's TTP abilities to detect, respond, and escalate. Techniques, lessons learned, and WAR stories will be discussed to how to select your exercises, determine expected outcomes, methods to measure results, coordinate for CISO sign off, and how to report lessons learned to improve your SOC's TTP response.
BSidesCharm 2018 video at:
https://www.youtube.com/watch?v=tXwHr4sycew
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
If you have problem of not knowing how to build a foundation for information security, if you are faced with questions such as where to start and how to start then this white paper may have the solutions and answers for you. In this paper you learn how to build the foundation step by step. It is written by the expert but in a simple language that is easy to understand. I have seen many papers that addressed this issue but none in the style of this paper.
Workforce Management (WFM) is an integrated set of processes that the company uses to optimize the productivity of its employees and it should mainly consist of five main pillars I.e. Procurement, Recruitment, Human Resource, Operation and finance. It involves monitoring supply status and
current inventory, recruitment process lifecycle, resource allocation and
utilization, invoicing process and approvals, forecasting labor requirements effectively and creating and managing staff schedules to accomplish a task on a day to day and hour to hour basis and analytics.
The current available Workforce Management Solution software mainly focuses on Human Resource as the core entity which may extend to include operations or finance but most of them lack the complete eco system to
implement a full fledge Workforce Management solution.
Workforce Management solution should be operational end to end which means it should start with the procurement of the resources to recruiting those resources after which human resource comes in to play and a swift operational process which
ends in analytics mainly focusing on finance.
Cosmetic shop management system project report.pdfKamal Acharya
Buying new cosmetic products is difficult. It can even be scary for those who have sensitive skin and are prone to skin trouble. The information needed to alleviate this problem is on the back of each product, but it's thought to interpret those ingredient lists unless you have a background in chemistry.
Instead of buying and hoping for the best, we can use data science to help us predict which products may be good fits for us. It includes various function programs to do the above mentioned tasks.
Data file handling has been effectively used in the program.
The automated cosmetic shop management system should deal with the automation of general workflow and administration process of the shop. The main processes of the system focus on customer's request where the system is able to search the most appropriate products and deliver it to the customers. It should help the employees to quickly identify the list of cosmetic product that have reached the minimum quantity and also keep a track of expired date for each cosmetic product. It should help the employees to find the rack number in which the product is placed.It is also Faster and more efficient way.
As requested by folks these are the presentation notes for Securing Citizen Facing Applications. Hope these help with your IDM planning and implementation
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Manoj Purandare- Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Effective Security Operations Centre SOC building - by Manoj Purandare. This article tries to give a strategy towards building am effective SOC using its 4 major points steps and 11 effective steps recipe - for Organisation's / Govt's safety and security
Up the Ratios Bylaws - a Comprehensive Process of Our Organizationuptheratios
Up the Ratios is a non-profit organization dedicated to bridging the gap in STEM education for underprivileged students by providing free, high-quality learning opportunities in robotics and other STEM fields. Our mission is to empower the next generation of innovators, thinkers, and problem-solvers by offering a range of educational programs that foster curiosity, creativity, and critical thinking.
At Up the Ratios, we believe that every student, regardless of their socio-economic background, should have access to the tools and knowledge needed to succeed in today's technology-driven world. To achieve this, we host a variety of free classes, workshops, summer camps, and live lectures tailored to students from underserved communities. Our programs are designed to be engaging and hands-on, allowing students to explore the exciting world of robotics and STEM through practical, real-world applications.
Our free classes cover fundamental concepts in robotics, coding, and engineering, providing students with a strong foundation in these critical areas. Through our interactive workshops, students can dive deeper into specific topics, working on projects that challenge them to apply what they've learned and think creatively. Our summer camps offer an immersive experience where students can collaborate on larger projects, develop their teamwork skills, and gain confidence in their abilities.
In addition to our local programs, Up the Ratios is committed to making a global impact. We take donations of new and gently used robotics parts, which we then distribute to students and educational institutions in other countries. These donations help ensure that young learners worldwide have the resources they need to explore and excel in STEM fields. By supporting education in this way, we aim to nurture a global community of future leaders and innovators.
Our live lectures feature guest speakers from various STEM disciplines, including engineers, scientists, and industry professionals who share their knowledge and experiences with our students. These lectures provide valuable insights into potential career paths and inspire students to pursue their passions in STEM.
Up the Ratios relies on the generosity of donors and volunteers to continue our work. Contributions of time, expertise, and financial support are crucial to sustaining our programs and expanding our reach. Whether you're an individual passionate about education, a professional in the STEM field, or a company looking to give back to the community, there are many ways to get involved and make a difference.
We are proud of the positive impact we've had on the lives of countless students, many of whom have gone on to pursue higher education and careers in STEM. By providing these young minds with the tools and opportunities they need to succeed, we are not only changing their futures but also contributing to the advancement of technology and innovation on a broader scale.
What is the point of small housing associations.pptxPaul Smith
Given the small scale of housing associations and their relative high cost per home what is the point of them and how do we justify their continued existance
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
A process server is a authorized person for delivering legal documents, such as summons, complaints, subpoenas, and other court papers, to peoples involved in legal proceedings.
Manoj purandare - Strategy towards an Effective Security Operations Centre - SOC
1. A Strategy towards an Effective SOC - Manoj Purandare
Effective Security Operations Centre SOC building - by Manoj Purandare
This article tries to give a strategy towards building am
effective SOC using its 4 major points steps and 11 effective
steps recipe - for Organisation's / Govt's safety and security.
2. A Strategy towards an Effective SOC - Manoj Purandare
I - Background - Information Technology continues to evolve at a rapid pace. This article
describes a structured approach toward the formation of a government SOC that enables
organizations to integrate this capability into their overall Information Security Management
System (ISMS) and align with many of the requirements introduced by ISO/IEC 27001:2013.
So, why do we need a SOC ?
3. A Strategy towards an Effective SOC - Manoj Purandare
II- Creating the Roadmap – Since you can’t build a world-class SOC overnight, creating a
plan for incremental phases of implementation is critical to success.
• Budget
• Timelines
• What goes into such a roadmap?
• What comes first and what next?
• The goal can be execute regular incremental improvements based on your completed
gap analysis and to establish a series of prioritized milestones that lead the
organization towards optimized security and improved incident detection and
response.
• You need
• The Right People
• The Required Process
• The ever updating and precise Technology
• The Platform
• The Proactive and Real Time – Threat Intelligence
4. A Strategy towards an Effective SOC - Manoj Purandare
Let us see a basic design flow of the SOC requirements as below :
6. A Strategy towards an Effective SOC - Manoj Purandare
The gaps you uncover in that analysis can be translated into goals. Budget, personnel and
cultural constraints require that new processes and technologies be implemented in stages.
7. A Strategy towards an Effective SOC - Manoj Purandare
The Required SOC team members & their roles and responsibilities
1.The Right People
8. A Strategy towards an Effective SOC - Manoj Purandare
The Required SOC team members & their roles and responsibilities
In addition to SOC analysts, a security operations center requires a ringmaster for its
many moving parts. The SOC manager often fights fires, within and outside of the SOC.
The SOC manager is responsible for prioritizing work and organizing resources with the
ultimate goal of detecting, investigating and mitigating incidents that could impact the
business. A typical SOC organization is illustrated in Figure 2.
9. A Strategy towards an Effective SOC - Manoj Purandare
The Required SOC team members & their roles and responsibilities
The SOC Org Chart : The SOC manager should develop a workflow model and implement
standardized operating procedures (SOPs) for the incident-handling process that guides
analysts through triage and response procedures.
10. A Strategy towards an Effective SOC - Manoj Purandare
2. The required Processes
12. A Strategy towards an Effective SOC - Manoj Purandare
The Collective SOC Team.
Since not all skills and attributes will likely be found within each individual, capabilities
should be balanced across the SOC. Each shift should have a blend of skills and
temperaments, including “people” people; analysts that can communicate effectively with
the IT service provider or the organizational workforce.
Escalation and Complexity.
Every service will require graduated skill levels, and some services require a more
experienced “junior” level analyst than others. Staff shifts with a mix of experience levels
and seniority.
Advancement and Rotation.
• Establish growth paths for every position with the SOC.
• You will also need to plan for training and professional development
• Growth and training opportunities will help retain a professional workforce.
Trust Level.
• SOC analysts will have regular access to highly sensitive organizational information.
Implement a thorough regulations that require special background checks for people
with elevated access to IT systems.
13. A Strategy towards an Effective SOC - Manoj Purandare
3. The ever updating and precise Technology
14. A Strategy towards an Effective SOC - Manoj Purandare
4. The platform :
With known and unknown, advanced threat detection and prevention, URL filtering,
and mobile security—correlate all of these security functions and protect the
datacenter and the network perimeter.
The platform enables the government agency to take a whitelisting approach to their
applications, with the ability to segment government agencies
Alerts are drastically reduced significantly reducing the workload for the SOC analyst.
15. A Strategy towards an Effective SOC - Manoj Purandare
You may also need to considers the other controls as SOC Layered Security Controls and
the Physical Security Controls :
16. A Strategy towards an Effective SOC - Manoj Purandare
You may also need to considers the other controls as SOC Layered Security Controls and
the Physical Security Controls :
17. A Strategy towards an Effective SOC - Manoj Purandare
Beyond this, We need to be prepared with our SOC Service Service Catalogue that may
give a clear picture on SOC business operation and facilities available for a customer :
18. A Strategy towards an Effective SOC - Manoj Purandare
Initially, we have to define on various SOC Key tools, their integration, and their working
19. A Strategy towards an Effective SOC - Manoj Purandare
Initially, we have to define on various SOC Key tools, their integration, and their working
20. A Strategy towards an Effective SOC - Manoj Purandare
Initially, we have to define on various SOC Key tools, their integration, and their working
21. A Strategy towards an Effective SOC - Manoj Purandare
5.. The Proactive and Real time - Threat Intelligence
Mature SOCs continually develop the capability to consume and leverage threat
intelligence from their past incidents and from information-sharing sources
According to the 2015 SANS Cyberthreat Intelligence (CTI) Survey, 69% of respondents
reported that their organization implemented some cyberthreat intelligence capability,
with 27% indicating that their teams fully embrace the concept of CTI and integrated
response procedures across systems and staff.
Obstacles to Efficient SOC Incident Handling To achieve efficient incident handling, the
SOC must avoid bottlenecks in the IR process that moves incidents through Tier 1, into
Tier 2, and finally through Tier 3.
Bottlenecks can occur due to too much “white noise,” alerts of little consequence or
false-positives that lead to analyst “alert fatigue.”
Understanding of the government’s enterprise network topology, including all
connections (Internet, mission partners, cloud providers, vendor specific, etc.) is
needed for an understanding of attack vectors.
No intelligence exists without visibility—visibility across the whole network, including
endpoints, for all applications, all content, and all users.
22. A Strategy towards an Effective SOC - Manoj Purandare
Employing a platform like similar to that of Palo Alto Networks platform including
network and endpoint visibility and threat prevention can significantly increase that
visibility and subsequently accelerate the SOC’s intelligence capability.
The Palo Alto Networks platform detects ever changing threats, but more importantly
provides the ability to prevent them as soon as possible, ideally before they have
detonated on the network.
All insights feed onboard signature creation to detect and prevent future attacks. We
can accomplish this in a flexible and extensible platform that enables uniform
protection across traditional infrastructure at the network edge, the cloud and mobile
devices.
So define your road map clearly.
23. A Strategy towards an Effective SOC - Manoj Purandare
III. The SOC Governance, GRC and Process Framework
The framework for the Security Operations Center (SOC), like most organizational
capabilities, can be described in terms of its People, Processes, and Technology.
The people needed to staff the SOC are defined by an organizational structure, manning
levels, skill sets, and a professional development path to ensure the people grow as the
organization grows.
Clearly defined processes needed to sustain the organization and provide the services it
offers are essential to the successful accomplishment of the mission.
Technology is a critical enabler to the SOC mission; automated tools can be used to
correlate, reduce, and analyze the volume of data entering the SOC.
We will explain all four components in more detail, but we begin by presenting a high
level recipe for success.
Check for the 11-Steps Recipe for SOC Success here ahead
24. A Strategy towards an Effective SOC - Manoj Purandare
Below diagrams represent the SOC Governance model, GRC, Process Framework, etc.
26. A Strategy towards an Effective SOC - Manoj Purandare
The SOC Process Framework :
27. A Strategy towards an Effective SOC - Manoj Purandare
IV. And finally, The 11-Steps Recipe for SOC Success
There are 11 recommended steps that form the foundation of a new or revitalized SOC.
This article assumes the government organization or a Private Organization, has already
decided to create an in-sourced SOC capability rather than seek it as a service from an
out-sourced provider or agency within the given government—a decision that involves
factors beyond the scope of this paper.
The first step is to identify an executable mission including whom the SOC will serve, and
where it will be located organizationally. Next the SOC should identify the services
offered. The service architecture should be evolutionary; fewer services delivered well at
the onset is better than many services offered poorly.
As the SOC and the supported organization mature, so can the services offered. Once
these foundational steps are completed, the organization can acquire and develop the
appropriate people, process, technology, and intelligence to align with the mission and
the services.
Concurrently, the SOC must establish and execute an effective communication strategy
to get buy-in at all levels within the organization.
28. A Strategy towards an Effective SOC - Manoj Purandare
The 11-Steps Recipe for SOC Success here ahead
A. Identify an Executable Mission
B. Identify the Services Offered
C. Basic Core SOC services:
D. Intermediate Core SOC services:
E. Advanced SOC services:
F. Supporting SOC services:
G. Document the Mission and Services
H. Adding Context to Security Incidents
I. Defining Normal Through Baselining
J. Acquire the necessary People, Processes, Technologies and Intelligence
K. Execute an Effective Communications Strategy
30. A Strategy towards an Effective SOC - Manoj Purandare
The SOC must establish itself as a mission enabler rather than an encumbrance.
Ultimately this distinction will be determined by action; initially it will be determined by
message.
Finally, the SOC may be required to establish relationships with partner organizations
within government domestic and international security frameworks, but even if not
mandated, should establish relationships with peer organizations. Reach out to similar
organizations and understand their approach to cybersecurity. If knowledge is power,
these peer relationships will increase both exponentially.
Summary :
Whether you have decided to create a SOC as part of the government organization’s
Information Security Management System (ISMS) for ISO/IEC 27001 certification, or just
recognizing a need to centralize IT security efforts, this whitepaper will provide a useful
map of your path to success. Understand the organization’s objective. Select the people,
process, and technology that fit the organization. Focus on Intelligence. Communicate
and Execute. Building a SOC may seem onerous, but the payoff—with improved visibility,
intelligence and protection for the government in these challenging times—will be well
worth it.
31. A Strategy towards an Effective SOC - Manoj Purandare
Some useful links :
https://blog.komand.com/how-to-structure-a-security-operations-center
https://www.mcafee.com/in/resources/white-papers/foundstone/wp-creating-maintaining-soc.pdf
Reference and Acknowledgements :
https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations-
center-roadmap-35907
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
https://www.sans.org/reading-room/whitepapers/analyst/benchmarking-security-information-event-
management-siem-34755
http://www.sans.org/reading-room/whitepapers/analyst/ninth-log-management-survey-report-
35497
https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342
https://www.sans.org/webcasts/cyberthreat-intelligence-how-1-definitions-tools-standards-99052
https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/white-papers/security-
operations-centers.pdf
32. A Strategy towards an Effective SOC - Manoj Purandare
An article on - Strategy for building an effective Security Operations Center [SOC]
Sincere Thanks .!!!
for all the experts in the Government, IT, Infosec & Cyber Security Industry
This article is a basic guideline towards –
Strategy for building an effective Security Operations Center [SOC]. I whole
heartedly and sincerely thank you one and all who provided me valuable
inputs, references and information to complete it for the benefit of
Government and Corporate Infosec and Cyber Security World
Treat this Slide dedicated and acknowledgement to one and all who I forgot
to mention, missed out their names, companies, website and other info here
in this presentation. I thank you and apologize if I had forgot to mention you
here.
33. A Strategy towards an Effective SOC - Manoj Purandare
Manoj Purandare
DCM, MCS, CISSP, PMP, PgMP, ITIL,
Cyber Crime Analyst, PCI DSS Security
Implementer, with more than 2 decades of IT and
Infosec experience and specialization
mail: technicalmanoj@gmail.com
Linkedin :
https://www.linkedin.com/in/manojypurandare
about –
Author & Presenter
Thank you