Defining scope for the SOC is crucial for its success and to determine stakeholders for the SOC. The scope will help determine cost, associates needed to run the SOC, SOC processes and many other areas as listed below:
Sometime back I published an article “What it Really Takes to Stand up a SOC”. This included a MindMap showing everything you need to consider while making a decision about establishing an internal Security Operations Center. Take a look at the PDF Download link for this MindMap. Since then, many people have asked questions about estimating budget for standing up an internal SOC. Read more →
Image credit Pixabay
Budget estimates are a major part of SOC business case. A typical budget will consist of capital cost, payroll expenses, and annual recurring costs. The budget estimates also helps in making decision about build an internal SOC or using SOC as a Service. Following is a summary of three major cost components. Read more →
Photo credit pixabay
Building a successful security operations center is a significant undertaking. One needs to consider a number of aspects when making a strategic decision about SOC implementation. To cover major SOC considerations, we are going to publish multiple articles about building SOC. This is the first one of the series.
Success of SOC is a combination of good planning, selection of appropriate tools, executive sponsorship, and a strong focus on people working in SOC
The objective of this article is to paint a very high level picture about SOC components and general considerations. Following are few ideas to think about before starting your SOC journey. Read more →
Image Credit Pexels
Building a SOC is on every organization’s TODO list these days, at least since the Target breach if not before. Following are few unique characteristics about the SOC that I have observed from my experience of building a SOC in last three years.
The SOC team has an interactive role within the team as well as with the broader IT organization. As a team, you are always being tested. You are tested by your internal users, as well as by your adversaries (outside hackers) on a continuous basis. Read more →