1. What is a Security Operations Center (SOC)?

A SOC can be defined both as a team, often operating in shifts around the clock, and as a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance (Deshpande, 2017).

An effective SOC should have characteristics such as:

- executive sponsorship in the form of the sponsor signing the SOC mission, and the SOC team providing updates to the sponsor;
- an established governance structure, which includes metrics to measure the effectiveness of the SOC capabilities;
- access to the data and systems for the SOC team so they can perform the necessary tasks before, during, and after an incident; and
- the proper budget to accommodate the designated services provided, operation hours, and needed skill sets (Muniz, McIntyre, & AlFardan, 2015).

Establishing a SOC supports the requirement of managing the organization's security risk and improves the incident response capabilities (Muniz et al., 2015).

2. What is incident response?

Incident response is the ability to properly respond to security incidents in an orderly and efficient manner, which allows organizations both to limit the damage of a potential cyberattack and to recover from the associated damage that is caused (Johansen, 2017).

The incident response process is made up of four phases:

- preparation, during which you prepare to handle an incident and ensure proper measures are in place to prevent incidents;
- detection and analysis, during which you detect an anomaly and determine if an incident has occurred;
- containment, eradication, and recovery, during which you determine a containment strategy based on the incident, gather evidence if necessary, and return systems to a normal operational state; and
- post-incident activity, during which you analyze how the incident was handled and look for any ways the process could be improved (Cichonski, Millar, Grance, & Scarfone, 2012).

3. How will a SOC improve Sifers-Grayson's incident response?

- Centralized monitoring will improve incident prevention by ensuring all systems are operational and up-to-date with the proper security patches.
- Monitored system logs and alarms will ensure incidents are detected quickly to stop or minimize any potential harm.
- SOC personnel can be trained to effectively analyze potential incidents to ensure the incident response team is not flooded with false positives.

4. How can the costs of a SOC be reduced?

- There may already be Sifers-Grayson personnel ready to fill the role of incident responder or SOC analyst (Torres, 2015).
- Some of the SOC skills and tasks can be outsourced (Muniz et al., 2015).

References:

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012, August). Computer security incident handling guide (NIST Special Publication 800-61, Rev. 2). doi:10.6028/NIST.SP.800-61r2

Deshpande, S. (2017, October 12). Security operations centers and their role in cybersecurity. Gartner Newsroom. Retrieved from https://www.gartner.com/newsroom/id/3815169

Johansen, G. (2017, July 24). Digital forensics and incident response. Birmingham, UK: Packt.

Muniz, J., McIntyre, G., & AlFardan, N. (2015, October 29). Security operations center: Building, operating, and maintaining your SOC. Indianapolis, IN: Cisco Press.

Torres, A. (2015, May). Building a world-class security operations center: A roadmap [Whitepaper]. SANS Institute InfoSec Reading Room.