Book description
Do you know what weapons are used to protect against cyber warfare and what tools to use to minimize their impact? How can you gather intelligence that will allow you to configure your system to ward off attacks? Online security and privacy issues are becoming more and more significant every day, with many instances of companies and governments mishandling (or deliberately misusing) personal and financial data.
Organizations need to be committed to defending their own assets and their customers’ information. Designing and Building a Security Operations Center will show you how to develop the organization, infrastructure, and capabilities to protect your company and your customers effectively, efficiently, and discreetly.
Written by a subject expert who has consulted on SOC implementation in both the public and private sectors, Designing and Building a Security Operations Center is the go-to blueprint for cyber-defense.
- Explains how to develop and build a Security Operations Center
- Shows how to gather invaluable intelligence to protect your organization
- Helps you evaluate the pros and cons behind each decision during the SOC-building process
Table of contents
- Cover
- Title page
- Table of Contents
- Copyright
- Author Biography
- Technical Editor Biography
- Foreword
- Acknowledgments
- Chapter 1: Efficient operations
- Abstract
- Defining an operations center
- Purpose of the operations center
- Emergency operations center
- Mission operations center
- Threat operations center
- Network operations center
- Let us build a SOC!
- Technology phase
- Organizational phase
- Policy phase
- Operational phase
- Intelligence phase
- Plan your SOC
- Logs
- Event
- Alerts
- False positive
- True positive
- False negative
- True negative
- Incidents
- Problems
- Define your requirements
- Summary
- Chapter 2: Identify your customers
- Abstract
- Internal versus external customers
- Human resources
- Legal
- Audit
- Engineering/R&D
- IT
- External customers
- Customer objectives
- Service level agreements
- Build and document your use cases
- Use case: unauthorized modification of user accounts
- Stakeholders: compliance and audit departments
- Use case: disabled user account reactivated
- Stakeholders: HR and IT
- Use case: any IDS event that scores over a severity of 7
- Use case: AV failure
- Stakeholders: desktop support team, IT server management teams
- Use case: security device outage
- Stakeholders: security and IT
- Use case rule summary
- Use case: top vulnerabilities detected in the network
- Stakeholders: security, IT, audit, and management
- Use case reporting summary
- Expectations
- Chapter 3: Infrastructure
- Abstract
- Organizational infrastructure > operations infrastructure > support infrastructure
- Organizational security infrastructure
- Perimeter defenses
- Network defense
- Host defenses
- Application defenses
- Data defense
- Policies and procedures
- Security architecture
- SIEM/log management
- Operation center infrastructure
- Building the ticket system
- Subject
- Parsed values from events
- Time ticket created
- User\group\queue
- Source (SIEM, email, phone)
- Category
- Status
- Reason codes
- Acknowledgment/ticket feedback
- Workflow and automation
- Portal interface
- Mobile devices
- Support infrastructure
- Physical
- Private SOC network
- Video walls
- Video projectors
- Labs
- Chapter 4: Organizational structure
- Chapter 5: Your most valuable resource is your people
- Abstract
- Operational security
- Culture
- Personality
- Core skill sets
- Analysts
- Security analyst—job description
- Security engineering
- Security operations engineer—job description
- Security architect
- Security architect—job description
- SOC team lead
- SOC team lead—job description
- SOC management
- SOC manager—job description
- SOC games
- Special projects
- Do not forget your people
- Chapter 6: Daily operations
- Abstract
- Problem and change event communications
- Shift turn overs
- Daily operations calls
- Critical bridges
- IR
- Detection
- Confirmation
- Analysis
- Containment
- Recovery
- Review
- Communication plan
- Regular workshops
- Checklists
- Shift schedules
- Types of shift schedules
- Other shift options
- Follow the sun
- Shift rotation
- Dealing with absenteeism
- Chapter 7: Training
- Chapter 8: Metrics
- Chapter 9: Intelligence
- Chapter 10: Outsourcing
- Chapter 11: Do not forget why you are here
- Appendix A
- Appendix B
- Appendix C
- Glossary
- Index
Product information
- Title: Designing and Building Security Operations Center
- Author(s):
- Release date: November 2014
- Publisher(s): Syngress
- ISBN: 9780128010969