Chapter 11. Reacting to Events and Incidents
“It’s not stress that kills us, it is our reaction to it.”—Hans Selye
At their core, every SOC is in place to provide the capability to detect and investigate events, identify potential security incidents, and respond to such incidents as they occur. As discussed in previous chapters, whether the SOC can provide these services effectively depends on great people, good supporting process, and well-deployed and managed technologies.
In this chapter, you learn how the people, processes, and technology parts of an effective SOC come together to react to events and incidents. The chapter examines what events are in the context of a SOC and the different ways we look at such events to determine whether they ...