Azimuth
Viewer III

Security Operations Center

Folks, do you know, by chance, of applicable standards or best practices for building and/or evaluating Security Operations Centers (SOCs)? Thanks, everyone, in advance!
9 Replies
cec0172
Newcomer II

AlienVault has a publication you can download for free.

"How to Build a Security Operations Center (on a Budget)"

https://www.alienvault.com/resource-center/ebook/how-to-build-a-security-operations-center

It's not a bad book to start with.

Realize that if you do give them your contact information, they will call.

Good luck,

CEC


azhuk
Newcomer II

Hello Azimuth,

I am not sure about any standards, but here are a few resources that should help you get started:

1. SANS whitepaper "Building a World-Class Security Operations Center: A Roadmap."

2. LogRhythm whitepaper "How to Build a SOC with Limited Resources" (you will have to provide your contact info to download, but you might find it useful enough; the paper is full of diagrams, including a "Cost Comparisons of Various SOC Staffing Models" matrix).

3. For an in-depth overview of the subject, here is a 200-page book, "Security Operations Center Guidebook: A Practical Guide for a Successful SOC."

4. Just found this webinar recording and am updating my comment to include the link: "How to Run a Business-Driven SOC" by Infosecurity Magazine.

I hope this helps. Please let me know if you need any additional help. Good luck!

Greg
Reader I

In addition to the other wonderful suggestions from our fellow members, there is an excellent write-up on SOCs by MITRE:

https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-cent...

azhuk
Newcomer II

Thank you Greg for sharing an awesome source of practical wisdom!

Jackson-munuo
Newcomer I

Thank you for sharing some of this material. Would you by any chance have templates or examples of SOC policies and procedures, or a runbook, that you can share as well? I am more specifically looking for:

  • Event log monitoring
  • Notification
  • Incident logging
  • Event classification and triage
  • Prioritization and analysis
  • Remediation and recovery
  • Assessment and audit
  • Dashboards and reporting
  • Incident investigation
adubey2321
Viewer II

Nice article... it's very helpful for the users.

Markonweb
Newcomer II

A 2018 SANS survey on SOCs provides some interesting data points and metrics: https://www.sans.org/reading-room/whitepapers/analyst/definition-soc-cess-2018-security-operations-c...

Best, Mark
CISSP-ISSAP ISSEP ISSMP CAP CCSP CSSLP HCISPP SSCP CCISO CISM CRISC CISA FITSP-M FITSP-A FIP CIPP/G CIPP/US CIPM CIPT SCF CCSK ITIL-F Cloud+ Security+ AWS-SAA
Ramon
Newcomer II

In my opinion, setting up a SOC isn't something you should take lightly. I'd love the challenge and experience of setting up a SOC for my company, but given the time to invest and the knowledge to keep up once you have a SOC, I decided it's best to use a SOC-as-a-Service from an experienced specialist.

Shannon
Community Champion


@Ramon wrote:

In my opinion, setting up a SOC isn't something you should take lightly. I'd love the challenge and experience of setting up a SOC for my company, but given the time to invest and the knowledge to keep up once you have a SOC, I decided it's best to use a SOC-as-a-Service from an experienced specialist.


Exactly. In my current organization, after I listed the resources required for an in-house SOC, doing a cost-benefit analysis led us to go with a Managed Security Services provider for the SOC...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz