Effective Security Operations Centre (SOC) building - by Manoj Purandare. This article gives a strategy towards building an effective SOC using 4 major points and an 11-step recipe, for the safety and security of organisations and governments.
Manoj Purandare: Strategy towards an effective SOC
1. A Strategy towards an Effective SOC - Manoj Purandare
Effective Security Operations Centre (SOC) building - by Manoj Purandare
This article gives a strategy towards building an
effective SOC using 4 major points and an 11-step
recipe, for the safety and security of organisations and governments.
I - Background - Information Technology continues to evolve at a rapid pace. This article
describes a structured approach toward the formation of a government SOC that enables
organizations to integrate this capability into their overall Information Security Management
System (ISMS) and align with many of the requirements introduced by ISO/IEC 27001:2013.
So, why do we need a SOC?
II- Creating the Roadmap – Since you can’t build a world-class SOC overnight, creating a
plan for incremental phases of implementation is critical to success.
• Budget
• Timelines
• What goes into such a roadmap?
• What comes first and what next?
• The goal can be to execute regular incremental improvements based on your completed
gap analysis and to establish a series of prioritized milestones that lead the
organization towards optimized security and improved incident detection and
response.
• You need:
  • The Right People
  • The Required Process
  • The ever updating and precise Technology
  • The Platform
  • The Proactive and Real Time – Threat Intelligence
Let us see a basic design flow of the SOC requirements as below:
The gaps you uncover in that analysis can be translated into goals. Budget, personnel and
cultural constraints require that new processes and technologies be implemented in stages.
The Required SOC team members & their roles and responsibilities
1. The Right People
In addition to SOC analysts, a security operations center requires a ringmaster for its
many moving parts. The SOC manager often fights fires, within and outside of the SOC.
The SOC manager is responsible for prioritizing work and organizing resources with the
ultimate goal of detecting, investigating and mitigating incidents that could impact the
business. A typical SOC organization is illustrated in Figure 2.
The SOC Org Chart: The SOC manager should develop a workflow model and implement
standardized operating procedures (SOPs) for the incident-handling process that guide
analysts through triage and response procedures.
2. The required Processes
The Collective SOC Team.
Since not all skills and attributes will likely be found within each individual, capabilities
should be balanced across the SOC. Each shift should have a blend of skills and
temperaments, including “people” people: analysts who can communicate effectively with
the IT service provider or the organizational workforce.
Escalation and Complexity.
Every service will require graduated skill levels, and some services require a more
experienced “junior” level analyst than others. Staff shifts with a mix of experience levels
and seniority.
Advancement and Rotation.
• Establish growth paths for every position with the SOC.
• You will also need to plan for training and professional development.
• Growth and training opportunities will help retain a professional workforce.
Trust Level.
• SOC analysts will have regular access to highly sensitive organizational information.
Implement thorough regulations that require special background checks for people
with elevated access to IT systems.
3. The ever updating and precise Technology
4. The platform:
With known and unknown advanced threat detection and prevention, URL filtering,
and mobile security, correlate all of these security functions and protect the
datacenter and the network perimeter.
The platform enables the government agency to take a whitelisting approach to their
applications, with the ability to segment government agencies.
Alerts are drastically reduced, significantly reducing the workload for the SOC analyst.
You may also need to consider other controls, such as the SOC Layered Security Controls and
the Physical Security Controls:
Beyond this, we need to be prepared with our SOC Service Catalogue, which may
give a clear picture of SOC business operations and the facilities available to a customer:
Initially, we have to define the various SOC key tools, their integration, and their working:
5. The Proactive and Real Time - Threat Intelligence
Mature SOCs continually develop the capability to consume and leverage threat
intelligence from their past incidents and from information-sharing sources.
According to the 2015 SANS Cyberthreat Intelligence (CTI) Survey, 69% of respondents
reported that their organization implemented some cyberthreat intelligence capability,
with 27% indicating that their teams fully embrace the concept of CTI and integrated
response procedures across systems and staff.
Obstacles to Efficient SOC Incident Handling.
To achieve efficient incident handling, the
SOC must avoid bottlenecks in the IR process that moves incidents through Tier 1, into
Tier 2, and finally through Tier 3.
Bottlenecks can occur due to too much “white noise,” alerts of little consequence or
false-positives that lead to analyst “alert fatigue.”
An understanding of the government’s enterprise network topology, including all
connections (Internet, mission partners, cloud providers, vendor specific, etc.) is
needed for an understanding of attack vectors.
No intelligence exists without visibility—visibility across the whole network, including
endpoints, for all applications, all content, and all users.
Employing a platform similar to the Palo Alto Networks platform, including
network and endpoint visibility and threat prevention, can significantly increase that
visibility and subsequently accelerate the SOC’s intelligence capability.
The Palo Alto Networks platform detects ever-changing threats, but more importantly
provides the ability to prevent them as soon as possible, ideally before they have
detonated on the network.
All insights feed onboard signature creation to detect and prevent future attacks. We
can accomplish this in a flexible and extensible platform that enables uniform
protection across traditional infrastructure at the network edge, the cloud and mobile
devices.
So define your road map clearly.
III. The SOC Governance, GRC and Process Framework
The framework for the Security Operations Center (SOC), like most organizational
capabilities, can be described in terms of its People, Processes, and Technology.
The people needed to staff the SOC are defined by an organizational structure, manning
levels, skill sets, and a professional development path to ensure the people grow as the
organization grows.
Clearly defined processes needed to sustain the organization and provide the services it
offers are essential to the successful accomplishment of the mission.
Technology is a critical enabler to the SOC mission; automated tools can be used to
correlate, reduce, and analyze the volume of data entering the SOC.
We will explain all four components in more detail, but we begin by presenting a high
level recipe for success.
The 11-step recipe for SOC success follows later in this article.
[Diagrams: SOC Governance model, GRC, and the SOC Process Framework]
IV. And finally, The 11-Steps Recipe for SOC Success
There are 11 recommended steps that form the foundation of a new or revitalized SOC.
This article assumes that the government or private organization has already
decided to create an in-sourced SOC capability rather than seek it as a service from an
out-sourced provider or agency within the given government—a decision that involves
factors beyond the scope of this paper.
The first step is to identify an executable mission, including whom the SOC will serve and
where it will be located organizationally. Next, the SOC should identify the services
offered. The service architecture should be evolutionary; fewer services delivered well at
the outset is better than many services offered poorly.
As the SOC and the supported organization mature, so can the services offered. Once
these foundational steps are completed, the organization can acquire and develop the
appropriate people, process, technology, and intelligence to align with the mission and
the services.
Concurrently, the SOC must establish and execute an effective communication strategy
to get buy-in at all levels within the organization.
The 11-Steps Recipe for SOC Success:
A. Identify an Executable Mission
B. Identify the Services Offered
C. Basic Core SOC services:
D. Intermediate Core SOC services:
E. Advanced SOC services:
F. Supporting SOC services:
G. Document the Mission and Services
H. Adding Context to Security Incidents
I. Defining Normal Through Baselining
J. Acquire the necessary People, Processes, Technologies and Intelligence
K. Execute an Effective Communications Strategy
The SOC must establish itself as a mission enabler rather than an encumbrance.
Ultimately this distinction will be determined by action; initially it will be determined by
message.
Finally, the SOC may be required to establish relationships with partner organizations
within government domestic and international security frameworks, but even if not
mandated, should establish relationships with peer organizations. Reach out to similar
organizations and understand their approach to cybersecurity. If knowledge is power,
these peer relationships will increase both exponentially.
Summary :
Whether you have decided to create a SOC as part of the government organization’s
Information Security Management System (ISMS) for ISO/IEC 27001 certification, or are just
recognizing a need to centralize IT security efforts, this whitepaper will provide a useful
map of your path to success. Understand the organization’s objective. Select the people,
process, and technology that fit the organization. Focus on Intelligence. Communicate
and Execute. Building a SOC may seem onerous, but the payoff—with improved visibility,
intelligence and protection for the government in these challenging times—will be well
worth it.
Some useful links :
https://blog.komand.com/how-to-structure-a-security-operations-center
https://www.mcafee.com/in/resources/white-papers/foundstone/wp-creating-maintaining-soc.pdf
Reference and Acknowledgements :
https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations-center-roadmap-35907
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
https://www.sans.org/reading-room/whitepapers/analyst/benchmarking-security-information-event-management-siem-34755
http://www.sans.org/reading-room/whitepapers/analyst/ninth-log-management-survey-report-35497
https://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342
https://www.sans.org/webcasts/cyberthreat-intelligence-how-1-definitions-tools-standards-99052
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/white-papers/security-operations-centers.pdf
An article on: Strategy for building an effective Security Operations Center [SOC]
Sincere thanks!
to all the experts in the Government, IT, Infosec & Cyber Security Industry
This article is a basic guideline towards a
strategy for building an effective Security Operations Center [SOC]. I
wholeheartedly and sincerely thank one and all who provided me valuable
inputs, references and information to complete it for the benefit of the
Government and Corporate Infosec and Cyber Security World.
Treat this slide as a dedication and acknowledgement to one and all whom I forgot
to mention, or whose names, companies, websites and other info I missed out here
in this presentation. I thank you and apologize if I forgot to mention you
here.
Manoj Purandare
DCM, MCS, CISSP, PMP, PgMP, ITIL,
Cyber Crime Analyst, PCI DSS Security
Implementer, with more than 2 decades of IT and
Infosec experience and specialization
mail: technicalmanoj@gmail.com
LinkedIn: https://www.linkedin.com/in/manojypurandare
About: Author & Presenter
Thank you