Responsibilities of the SOC

The SOC is responsible for the continuous identification and remediation of threats that occur on your enterprise network. If this seems familiar, it should, because it comes from the previous chapter on incident response. Typically, it is your SOC team that will be charged with executing substantial portions of the incident response plan. Therefore, most well-planned SOCs mirror much of the process that is defined in an organization's incident response plan.

Regardless of the size of your organization, developing an effective security operations center is essential. A security operations center is an incredibly important part of your overall information security program investment and is a key component in ensuring that your organization is properly protected from internal and external threats.

The SOC capabilities that you can implement are directly tied to your organization's personnel resources, funding, and so on. This means that a startup will have a very different-looking SOC than a manufacturer with multi-billion-dollar annual revenue. Regardless of your size, it is important that you determine how you will go about implementing the concepts of a SOC. If you are a small organization, determine how you can have a high level of visibility into your information system and how you will react if you find anomalies. This, of course, must be rightsized to your available resources and your business expectations.

As mentioned previously, the security operations center has similarities to the physical security world. Most businesses, even small businesses, have some sort of physical alarm system, and nearly all businesses have locks on the doors. The security operations center provides the necessary protections for an organization's data and information system investments. An organization should invest in its security operations center commensurate with the value of the data it is attempting to protect.
