Simply put, the role of the SOC is to protect the IT infrastructure and the data it holds.
However, achieving that is much easier said than done. To understand how it is achieved we must first consider the role of the SOC in more detail, then the people in the SOC, and finally the processes and procedures required for security operations to function properly.
As we will consider later, the exact roles and responsibilities are determined by the size of the organization involved. However, most SOCs have the following key responsibilities:
This can be considered one of the main responsibilities of the SOC, although it is now often subsumed into information security and incident management. There can be a lot of overlap with other parts of the organization, as it clearly interacts with physical security, which is often handled by a different part of the organization. There may also be an overlap with the IT operations team, particularly when it comes to access issues, which can be the responsibility of both the SOC team and the operations team.
Security incident response
In many ways, this is the reactive function of the SOC. Through incident response we identify and respond to security incidents in a timely manner. For those of you on the MSc Cyber Security programme, we will discuss this in more detail later in the programme.
Security Information and Event Management (SIEM)
SIEM takes ideas from ITSM and applies them to the management of security-related data. This data may come from a variety of information sources obtained through monitoring, but it may also include additional security information, such as current controls, organizational data, risk data, case data and more.
An increasing part of SOC operations is being able to respond to threats. To do this, SOCs need to collect threat intelligence that can guide SOC behaviour. This can take many forms and draw on many different sources, such as social media, warnings from Computer Emergency Response Teams (CERTs), commercial sources, reviews of our own systems, and so on.
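The two paragraphs above describe the SIEM combining monitoring data with organizational context (controls, asset data, risk data) and with external threat intelligence. The following is an added example, not code from the original article or any product it mentions: a small correlator that parses constructed log lines, enriches each event with a constructed asset inventory and a constructed indicator list standing in for a CERT or commercial feed, and prioritises the resulting alerts. All hosts, addresses and domains are made-up sample data (documentation ranges and a `.invalid` domain), not real indicators.

```python
"""Tiny SIEM-style correlation: enrich monitoring events with asset context
and threat intelligence, then prioritise alerts.

Added example, not part of the original article. Every feed, host and
indicator below is constructed sample data.
"""
from dataclasses import dataclass

# Constructed threat-intelligence feed (stand-in for CERT / commercial advisories).
THREAT_INTEL = {
    "bad_ips": {"203.0.113.45", "198.51.100.7"},      # TEST-NET-3 / TEST-NET-2 ranges
    "bad_domains": {"updates.example.invalid"},
}

# Constructed organisational data a SIEM would hold alongside raw events:
# asset name, business criticality (1-5) and the controls already in place.
ASSETS = {
    "10.0.1.10": {"name": "payroll-db", "criticality": 5, "controls": {"edr", "mfa"}},
    "10.0.2.20": {"name": "kiosk-01", "criticality": 1, "controls": set()},
}

# Controls that are treated as reducing the urgency of an alert on that host.
MITIGATING_CONTROLS = {"edr"}

# Constructed monitoring output in a simple "timestamp key=value ..." form.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host=10.0.1.10 event=outbound dst=203.0.113.45 port=443",
    "2024-05-01T10:00:05Z host=10.0.2.20 event=outbound dst=93.184.216.34 port=443",
    "2024-05-01T10:00:09Z host=10.0.2.20 event=dns query=updates.example.invalid",
    "2024-05-01T10:00:12Z host=10.0.1.10 event=login user=alice result=failure",
]


@dataclass
class Alert:
    timestamp: str
    asset: str
    score: int
    severity: str
    reasons: list


def parse_event(line: str) -> dict:
    """Parse one constructed log line into a dict of its key=value fields."""
    timestamp, *tokens = line.split()
    event = {"timestamp": timestamp}
    for token in tokens:
        key, _, value = token.partition("=")
        event[key] = value
    return event


def match_intel(event: dict) -> list:
    """Return human-readable reasons for every indicator the event matches."""
    reasons = []
    if event.get("dst") in THREAT_INTEL["bad_ips"]:
        reasons.append(f"destination {event['dst']} is on the IP blocklist")
    if event.get("query") in THREAT_INTEL["bad_domains"]:
        reasons.append(f"DNS query for {event['query']} is on the domain blocklist")
    return reasons


def severity_for(score: int) -> str:
    """Map a numeric score onto the bands an analyst queue would use."""
    if score >= 6:
        return "critical"
    if score >= 4:
        return "high"
    return "low"


def score_event(event: dict):
    """Score one event; return an Alert, or None if nothing is suspicious."""
    reasons = match_intel(event)
    score = 3 if reasons else 0                      # intel hit is the strongest signal
    if event.get("event") == "login" and event.get("result") == "failure":
        score += 1                                   # weak signal on its own
        reasons.append(f"failed login for user {event.get('user')}")
    if score == 0:
        return None                                  # benign event, no alert
    # Enrich with asset context: unknown hosts get a conservative default.
    asset = ASSETS.get(event.get("host"),
                       {"name": event.get("host"), "criticality": 1, "controls": set()})
    score += asset["criticality"]
    mitigated = asset["controls"] & MITIGATING_CONTROLS
    score -= len(mitigated)
    if mitigated:
        reasons.append(f"mitigating controls present: {', '.join(sorted(mitigated))}")
    return Alert(event["timestamp"], asset["name"], score, severity_for(score), reasons)


def correlate(lines: list) -> list:
    """Run all lines through the scorer and return alerts, most urgent first."""
    alerts = [a for a in (score_event(parse_event(line)) for line in lines) if a]
    return sorted(alerts, key=lambda a: a.score, reverse=True)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(f"[{alert.severity:8}] {alert.timestamp} {alert.asset}: {'; '.join(alert.reasons)}")
```

The point of the example is the enrichment step: the same outbound connection to a listed address scores higher on the payroll database than it would on a kiosk, and the presence of an existing control lowers it slightly, which is exactly the "current controls, organizational data, risk data" the SIEM paragraph says sits alongside the raw monitoring feed.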
Information risk management
The SOC may be responsible for information risk management, in which case the SOC quantifies the degree of information security risk to which the organization is exposed and specifies the controls needed to manage that risk. Risk management is often carried out together with the operations team and is usually based on standards such as ISO 27005.
Information Assurance (IA)
After defining the risks and specifying the necessary controls, you need to make sure that the controls are actually in place. This is Information Assurance (IA), and if the SOC is responsible for information risk management, it is generally responsible for IA as well. The UK Cabinet Office defines IA as 'the confidence that information systems will protect the information they carry and will function as needed under the control of legitimate users' (UK Cabinet Office 2011). IA can therefore be thought of as broader than information security, because it covers availability risks as well as security risks.
Information security compliance
Information security compliance covers both external regulation and internal policies. External regulations are usually legal (e.g. the GDPR, the Computer Misuse Act, etc.), but they can also be industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS), which must be met by anyone processing credit card data.
Until recently, governance was seen only as a board-level activity, and while it is true that governance is primarily the responsibility of the board, the latest best-practice approaches promote and incorporate governance at all levels of the organization and allow specialized parts of the organization to manage important parts of the governance process. With regard to IT governance, it is therefore logical for the SOC to provide advice or guidance on aspects of IT security governance.
The SOC often performs other security-related functions in addition to those listed above; which ones will largely be determined by the organizational context in which the SOC operates.