Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 440
  • Last Modified:

Setting up Security Operations Center (SOC)

My company is going to setup a SOC.  I would like to know if there are any good practical references for designing the processes and establishing the related procedures.

Thanks.
0
kwlol
Asked:
kwlol
  • 3
1 Solution
 
btanExec ConsultantCommented:

Actually ENISA and NIST have good reference in the incident response guidelines which is essential to setting up the SOC as well

a) check out the role, framework and workflow
http://www.enisa.europa.eu/act/cert/support/guide

b) Information sharing - Setting up of WARP and knowing the traffic light protocol
http://www.warp.gov.uk/set-up-warp.html
http://www.warp.gov.uk/run-a-warp.html
http://www.enisa.europa.eu/act/cert/background/coop/ideas-for-future/recommendations/info-handling

c) Arsenal to be equipped
http://www.enisa.europa.eu/act/cert/support/chiht
http://www.experts-exchange.com/ITPro/Consulting/Q_27309561.html

Overall, it really depends on how comprehensive but have the tier support and necessary contacts, technology to automate in each tier of incident handling will help. Importantly, getting mgmt approval and IT support would be critical too. But potentially, the (eyes and ear) network monitoring and response will be the fundamental task to isolate and mitigate damages promptly while the (brain) analysis and evaluation to prevent further future impact would be another stage for SOC but typically an intelligence handling arm will handle it.

importantly, SOC may be audited as well. Below is audit finding of USCERT - good to learn and be aware of lessons highlighted

http://fcw.com/articles/2010/09/09/us-cert-riddled-with-security-holes.aspx
0
 
btanExec ConsultantCommented:
0
 
kwlolAuthor Commented:
i would like to know if we are going to have 10 different customers for helping them to monitor their devices thru a sensor (at each site) from our SOC.  Do we need to subscribe 10 leased lines, with 10 different routers stacked in our SOC? Would Metroethernet benefit us on this case?

Thanks.
0
 
btanExec ConsultantCommented:
Actually i am thinking of there is sending of the real time traffic log sync from sensor to a logging server and load balancer fronting the data centre that would be receiving or pulling from the designated log service. the network would be leased and dedicated so as not to have high latency sine we are saying near real time update.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now