book

The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

by Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost

May 2021

Intermediate to advanced

752 pages

23h 46m

English

Addison-Wesley Professional

Read now

Unlock full access

VisionWho Should Read This Book?How This Book Is OrganizedBook Structure

Introducing the SOCFactors Leading to a Dysfunctional SOCCyberthreatsInvesting in SecurityThe Impact of a BreachEstablishing a BaselineFundamental Security CapabilitiesStandards, Guidelines, and FrameworksIndustry Threat ModelsVulnerabilities and RiskBusiness ChallengesIn-House vs. OutsourcingSOC ServicesSOC Maturity ModelsSOC Goals AssessmentSOC Capabilities AssessmentSOC Development MilestonesSummaryReferences
Mission Statement and Scope StatementDeveloping a SOCSOC ProceduresSecurity ToolsPlanning a SOCDesigning a SOC FacilityNetwork ConsiderationsDisaster RecoverySecurity ConsiderationsInternal Security ToolsGuidelines and Recommendations for Securing Your SOC NetworkSOC ToolsSummaryReferences
Fundamental SOC ServicesThe Three Pillars of Foundational SOC Support ServicesSOC Service AreasSOC Service Job GoalsService Maturity: If You Build It, They Will ComeSOC Service 1: Risk ManagementSOC Service 2: Vulnerability ManagementSOC Service 3: ComplianceSOC Service 4: Incident ManagementSOC Service 5: AnalysisSOC Service 6: Digital ForensicsSOC Service 7: Situational and Security AwarenessSOC Service 8: Research and DevelopmentSummaryReferences
Career vs. JobDeveloping Job RolesSOC Job RolesNICE Cybersecurity Workforce FrameworkRole TiersSOC Services and Associated Job RolesSoft SkillsSecurity Clearance RequirementsPre-InterviewingInterviewingOnboarding EmployeesManaging PeopleJob RetentionTrainingCertificationsCompany CultureSummaryReferences
Data in the SOCData-Focused AssessmentLogsSecurity Information and Event ManagementTroubleshooting SIEM LoggingAPIsBig DataMachine LearningSummaryReferences
Why Exceeding CompliancePoliciesLaunching a New PolicyPolicy EnforcementProceduresTabletop ExerciseStandards, Guidelines, and FrameworksAuditsAssessmentsPenetration TestIndustry ComplianceSummaryReferences
Threat Intelligence OverviewThreat Intelligence CategoriesThreat Intelligence ContextEvaluating Threat IntelligencePlanning a Threat Intelligence ProjectCollecting and Processing IntelligenceActionable IntelligenceFeedbackSummaryReferences
Security IncidentsIncident Response LifecyclePhase 1: PreparationPhase 2: Detection and AnalysisPhase 3: Containment, Eradication, and RecoveryDigital ForensicsPhase 4: Post-Incident ActivityIncident Response GuidelinesSummaryReferences
Vulnerability ManagementMeasuring VulnerabilitiesVulnerability TechnologyVulnerability Management ServiceVulnerability ResponseVulnerability Management Process SummarizedSummaryReferences
Introduction to Data OrchestrationSecurity Orchestration, Automation, and ResponseEndpoint Detection and ResponsePlaybooksAutomationDevOps ProgrammingDevOps ToolsBlueprinting with OsqueryNetwork ProgrammabilityCloud ProgrammabilitySummaryReferences
All Eyes on SD-WAN and SASEIT Services Provided by the SOCFuture of TrainingFull Automation with Machine LearningFuture of Your SOC: Bringing It All TogetherSummaryReferences

Content preview from The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

Chapter 6 Reducing Risk and Exceeding Compliance

All I want is compliance with my wishes, after reasonable discussion.

—Winston Churchill

This chapter focuses on various forms of compliance. Compliance by definition is to meet governing regulatory or contractual requirements. Requirements can come from an organization’s leadership, such as a corporate-mandated policy, which would be considered a policy based on corporate compliance. Another possible requirement is meeting a legal obligation, which would be government-based regulatory or statutory compliance. Lastly, a compliance requirement can be industry compliance, meaning leadership sets the goal to meet a general recommendation. Not being compliant with a government-required policy will ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Security Operations Center: Building, Operating, and Maintaining your SOC

Publisher Resources

ISBN: 9780135619858

The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

by Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost

Chapter 6

Reducing Risk and Exceeding Compliance

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Security Operations Center: Building, Operating, and Maintaining your SOC

Foundations of Information Security

Cybersecurity Risk Management

ISO 27001/ISO 27002 - A guide to information security management systems

Publisher Resources

Chapter 6

Reducing Risk and Exceeding Compliance

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Security Operations Center: Building, Operating, and Maintaining your SOC

Foundations of Information Security

Cybersecurity Risk Management

ISO 27001/ISO 27002 - A guide to information security management systems

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.