The security operations center (SOC) serves as your centralized view into your enterprise infrastructure as a whole and into its individual information systems. The SOC's goal is to keep this view as close to real time as possible so that your organization can identify and respond to internal and external threats as quickly as possible, helping to preserve the confidentiality, integrity, and availability of your organization's information systems.
Think of the SOC as the technological equivalent of the physical security controls implemented by your organization.
In this chapter, we will be discussing:
- The responsibilities of the security operations center
- Security operations center tool management
- Security operations center tool design
- Security operations center roles
- Security operations center processes and procedures
- Internal versus outsourced security operations center
From the physical security world, you have capabilities such as:
- Guard stations
- Guards
- Cameras
- Motion detectors
These capabilities serve to ensure that individuals cannot gain unauthorized physical access to your building and the assets contained therein.
From the information security world, similar SOC capabilities would include:
- SOC facility
- SOC analysts
- Security information and event management (SIEM) tools
- Intrusion prevention and detection tools
The technological capabilities used by the SOC provide, from an information security perspective, assurance similar to that provided by their physical security counterparts listed previously. The key difference is that the SOC is primarily concerned with monitoring information systems rather than physical spaces.