Security Operations Center Roles and Responsibilities - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Security Operations Center Roles and Responsibilities

Description:

Ofter times, larger security organizations have roles such as director incident response and/or director of threat intelligence. The director of incident response simply oversees and prioritizes actionable steps during the detection of an incident. Visit - – PowerPoint PPT presentation

Number of Views:11

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security Operations Center Roles and Responsibilities


1
The SOC Team
  • Roles Responsibilities

2
Introduction
  • Building an effective security operations center
    (SOC) is crucial for organizations of all sizes.
    Just like the companies themselves, every
    security team is different. Companies that
    recognize the importance of cybersecurity will
    invest the necessary amount to ensure that their
    data and systems remain safe and that their SOC
    team has the resources necessary to deal with
    threats.

3
Security Operation Center
  • The security operations center roles and
    responsibilities are fairly straight-forward, but
    distinct in their requirements.
  • On the whole, organizations have had a tendency
    to undervalue cybersecurity. Security operations
    teams face myriad challenges they are often
    understaffed, overworked, and receive little
    visibility from upper management.

4
Significance Of Cyber Security
  • If these companies knew what was at stake, you
    can bet that they would be willing to make larger
    investments in their SOC and team members. With
    new high-profile attacks capturing headlines
    daily, organizations are starting to emphasize
    the significance of cyber security automation and
    the security operations center is becoming a
    valued focal point.

5
Security Operations Center Roles and
Responsibilities
  • Although all SOC teams may differ a bit from one
    another, most have roughly the same roles and
    responsibilities. Lets take a look at the basic
    roles and responsibilities of every SOC team. The
    average SOC team has many responsibilities that
    they are expected to manage across a number of
    roles. Typically SOC teams have positions that
    cover two basic responsibilities maintaining
    security monitoring tools and investigating
    suspicious activities.

6
Maintaining Security Monitoring Tools
  • To effectively secure and monitor a system, there
    are many tools that the team must maintain and
    update on a regular basis. Without proper tools,
    it is impossible to effectively secure systems
    and networks. The security operations center
    roles and responsibilities require team members
    to maintain tools used throughout all security
    processes. This includes the collection of data.

7
Investigate Suspicious Activities
  • With the help of tools mentioned above, the SOC
    team is responsible for investigating suspicious
    and potentially malicious activity within the
    networks and systems. Typically, your SIEM or
    analytics software will make them aware of
    potential issues by issuing alerts. Your team of
    analysts then examine the alerts, perform triage,
    and determine the scope of the threat.

8
Security Operations Center Roles and Positions
  • Although the roles at any company may have
    different names, all organizations have similar
    responsibilities when it comes to cybersecurity.
    Here are the more common roles within a SOC team
    and the individual responsibilities that are
    associated with each role.

9
Security Analyst
  • Security analysts are typically the first
    responders to incidents. They are the soldiers on
    the front lines fighting against cyber attacks
    and analyzing threats. In short, their job is to
    detect threats, investigate those threats, and
    respond to them in a timely fashion.
    Additionally, analysts may have responsibilities
    that involve implementing security measures as
    dictated by management.

10
Additional Roles
  • Ofter times, larger security organizations have
    roles such as director incident response and/or
    director of threat intelligence. The director of
    incident response simply oversees and prioritizes
    actionable steps during the detection of an
    incident. The incident response manager oversees
    and prioritizes actions during the detection,
    analysis, and containment of an incident. T

11
Chief Information Security Officer
  • Larger companies may have entire teams dedicated
    to this task. Typically, a CISO reports directly
    to the CEO and has direct contact with all of
    upper management. CISO positions go far past
    technical skills and also require communicating
    complicated issues to upper management that may
    not be knowledgeable in technical matters.

12
Conclusion
  • Given the roles and complexity within a SOC it is
    wildly essential to provide visibility across the
    board. Its also important to be mindful that a
    solid SOC is 24/7 and multiple shifts and
    managing the workflow handoff seamlessly and
    prudently is a must. Defining the policies and
    procedures that govern individuals that are part
    of this team should be an ongoing process to
    better serve the team and organization as a
    whole.
About PowerShow.com