10 Inside the security operations center

This chapter covers

  • Differentiating between logging and monitoring, applying our three concepts of cybersecurity
  • Working through some real-life security incidents, learning how to apply the observe, orient, detect, and act (OODA) loop and the three concepts to incidents
  • The different external intelligence data feeds we can use, how they work, and how they can be both beneficial and detrimental to our security capability

Visibility of security events gives defenders a head start on addressing security incidents and is the difference between reading the news or being on the news. Our security operations capability is the best view we have of how effective our IT (development, spend, and strategy) is and ...
