Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Azimuth
Viewer III
‎10-17-2017 12:15 PM
‎10-17-2017 12:15 PM

Security Operations Center

Folks, do you know, by chance, applicable standards or best practices for building and/or evaluation of Security Operations Centers (SOCs)? thanks everyone in advance!
Reply
9 Replies
cec0172
Newcomer II
‎10-17-2017 01:23 PM
‎10-17-2017 01:23 PM

Alienvault has a publication you can download for free. 

"How to Build a Security Operations Center (on a Budget)"

https://www.alienvault.com/resource-center/ebook/how-to-build-a-security-operations-center

 

Its not a bad book to start. 

Realize that if do you give them your contact information they will call. 

 

Good Luck,

CEC

 

Reply
azhuk
Newcomer II
‎10-18-2017 12:01 AM
‎10-18-2017 12:01 AM

Hello Azimuth,

 

I am not sure about any standards, but here are a few resources that should help you get started:

 

1. SANS Whitepaper "Building a World-Class Security Operations Center: A Roadmap."

 

2. Logrythm Whitepaper "How to Build a SOC with Limited Resources" (you will have to provide your contact info to download, but you might find it useful enough. The paper is full of diagram including a "Cost Comparisons of Various SOC Staffing Models" matrix.

 

3. For in-depth overview of the subject, here is a 200-page book "Security Operations Center Guidebook: A Practical Guide for a Successful SOC."

 

4. Just found this webinar recording and am updating my comment to include the link: "How to Run a Business-Driven SOC" by InfoSecurity Magazine.

 

I hope this helps. Please let me know if you need any additional help. Good luck!

Reply
Greg
Reader I
‎10-18-2017 03:29 PM
‎10-18-2017 03:29 PM

In addition to the other wonderful suggestions from our fellow members, there exists an excellent write up on SOCs by MITRE: 

 

https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-cent...

Reply
azhuk
Newcomer II
‎10-18-2017 04:41 PM
‎10-18-2017 04:41 PM

Thank you Greg for sharing an awesome source of practical wisdom!

Reply
Jackson-munuo
Newcomer I
‎12-26-2017 01:17 PM
‎12-26-2017 01:17 PM

Thank you for sharing some of this material. Would you by any chance have templates or examples of SOC policies and procedures or a runbook that you can share as well? I am more specifically looking for:

 

  • Event log Monitoring
  • Notification
  • Incident logging
  • Event Classification and Triage
  • Prioritization and Analysis
  • Remediation and Recovery
  • Assessment and Audit
  • Dashboards and Reporting
  • Incident Investigation
Reply
0 Kudos
adubey2321
Viewer II
‎08-29-2018 05:28 AM
‎08-29-2018 05:28 AM

Nice Article...its very Helpful for the users.

Reply
0 Kudos
Markonweb
Newcomer II
‎08-29-2018 04:41 PM
‎08-29-2018 04:41 PM

A 2018 SANS survey on SOCs provides some interesting data points and metrics https://www.sans.org/reading-room/whitepapers/analyst/definition-soc-cess-2018-security-operations-c...

Best, Mark
CISSP-ISSAP ISSEP ISSMP CAP CCSP CSSLP HCISPP SSCP CCISO CISM CRISC CISA FITSP-M FITSP-A FIP CIPP/G CIPP/US CIPM CIPT SCF CCSK ITIL-F Cloud+ Security+ AWS-SAA
Reply
Ramon
Newcomer II
‎09-23-2018 09:34 AM
‎09-23-2018 09:34 AM

In my opinion setting up a SOC isn't something you should take lightly. I'dd love the challenge and experience to set up a SOC for my company but once you have a SOC the time to invest and knowledge to keep up I decided it's best to use a SOC-As-A Service from an experienced specialist.

Reply
Shannon
Community Champion
‎09-23-2018 09:45 AM
‎09-23-2018 09:45 AM

@Ramon wrote:

In my opinion setting up a SOC isn't something you should take lightly. I'dd love the challenge and experience to set up a SOC for my company but once you have a SOC the time to invest and knowledge to keep up I decided it's best to use a SOC-As-A Service from an experienced specialist.

Exactly. In my current organization, after I listed resources required for an in-house SOC, doing a costs-benefits analysis led to us going in for a Managed Security Services provider for the SOC...

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Reply