book

Designing and Building Security Operations Center

Name: Designing and Building Security Operations Center
Author: David Nathans
ISBN: 9780128010969

by David Nathans

November 2014

Intermediate to advanced

276 pages

9h 44m

English

Syngress

Read now

Unlock full access

Cover
Title page
Table of Contents
Copyright
Author Biography
Technical Editor Biography
Foreword
Acknowledgments
Chapter 1: Efficient operations
AbstractDefining an operations centerPurpose of the operations centerEmergency operations centerMission operations centerThreat operations centerNetwork operations centerLet us build a SOC!Technology phaseOrganizational phasePolicy phaseOperational phaseIntelligence phasePlan your SOCLogsEventAlertsFalse positiveTrue positiveFalse negativeTrue negativeIncidentsProblemsDefine your requirementsSummary
Chapter 2: Identify your customers
AbstractInternal versus external customersHuman resourcesLegalAuditEngineering/R&DITExternal customersCustomer objectivesService level agreementsBuild and document your use casesUse case: unauthorized modification of user accountsStakeholders: compliance and audit departmentsUse case: disabled user account reactivatedStakeholders: HR and ITUse case: any IDS event that scores over a severity of 7Use case: AV failureStakeholders: desktop support team, IT server management teamsUse case: security device outageStakeholders: security and ITUse case rule summaryUse case: top vulnerabilities detected in the networkStakeholders: security, IT, audit, and managementUse case reporting summaryExpectations

Chapter 3: Infrastructure
AbstractOrganizational infrastructure > operations infrastructure > support infrastructureOrganizational security infrastructurePerimeter defensesNetwork defenseHost defensesApplication defensesData defensePolicies and proceduresSecurity architectureSIEM/log managementOperation center infrastructureBuilding the ticket systemSubjectParsed values from eventsTime ticket createdUser\group\queueSource (SIEM, email, phone)CategoryStatusReason codesAcknowledgment/ticket feedbackWorkflow and automationPortal interfaceMobile devicesSupport infrastructurePhysicalPrivate SOC networkVideo wallsVideo projectorsLabs
Chapter 4: Organizational structure
AbstractDifferent reporting linesLegalCISOCIOComplianceSOC organizationEngineeringSecurity architectureSecurity monitoring and analysisResponsibilityAuthorityFulfilling needs
Chapter 5: Your most valuable resource is your people
AbstractOperational securityCulturePersonalityCore skill setsAnalystsSecurity analyst—job descriptionSecurity engineeringSecurity operations engineer—job descriptionSecurity architectSecurity architect—job descriptionSOC team leadSOC team lead—job descriptionSOC managementSOC manager—job descriptionSOC gamesSpecial projectsDo not forget your people
Chapter 6: Daily operations
AbstractProblem and change event communicationsShift turn oversDaily operations callsCritical bridgesIRDetectionConfirmationAnalysisContainmentRecoveryReviewCommunication planRegular workshopsChecklistsShift schedulesTypes of shift schedulesOther shift optionsFollow the sunShift rotationDealing with absenteeism
Chapter 7: Training
AbstractInternal functional trainingInternal skill set trainingSummary
Chapter 8: Metrics
AbstractHeads up displaySupervisor metricsVulnerabilitiesVulnerability prioritizingBase CVSS2 thresholdTemporal CVSS2 thresholdAsset prioritizing as a part of metricsHistorical monitoring of patches
Chapter 9: Intelligence
AbstractKnow thyselfKnown IP space, know thy enemyBlacklistsBlack listing projectsOther types of listsOrganizations and industry partnersProactive activity monitoring
Chapter 10: Outsourcing
AbstractTypes of MSSPsAdvantages of MSSP outsourcingDisadvantages to MSSP outsourcingHow the services will be deliveredSummary
Chapter 11: Do not forget why you are here
Abstract
Appendix A
Appendix B
Appendix C
Glossary
Index

Overview

Do you know what weapons are used to protect against cyber warfare and what tools to use to minimize their impact? How can you gather intelligence that will allow you to configure your system to ward off attacks? Online security and privacy issues are becoming more and more significant every day, with many instances of companies and governments mishandling (or deliberately misusing) personal and financial data.

Organizations need to be committed to defending their own assets and their customers’ information. Designing and Building a Security Operations Center will show you how to develop the organization, infrastructure, and capabilities to protect your company and your customers effectively, efficiently, and discreetly.

Written by a subject expert who has consulted on SOC implementation in both the public and private sector, Designing and Building a Security Operations Center is the go-to blueprint for cyber-defense.

Explains how to develop and build a Security Operations Center
Shows how to gather invaluable intelligence to protect your organization
Helps you evaluate the pros and cons behind each decision during the SOC-building process

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Aligning Security Operations with the MITRE ATT&CK Framework

Rebecca Blair

Open-Source Security Operations Center (SOC)

Alfred Basta, Nadine Basta, Waqar Anwar, Mohammad Ilyas Essar

Designing a HIPAA-Compliant Security Operations Center: A Guide to Detecting and Responding to Healthcare Breaches and Events

Eric C. Thompson

Security Operations Center: Building, Operating, and Maintaining your SOC

Joseph Muniz, Gary McIntyre, Nadhem AlFardan

Publisher Resources

ISBN: 9780128008997

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills