Security Operations Center Roles and Responsibilities

1
The SOC Team

• Roles Responsibilities

2
Introduction

• Building an effective security operations center
  (SOC) is crucial for organizations of all sizes.
  Just like the companies themselves, every
  security team is different. Companies that
  recognize the importance of cybersecurity will
  invest the necessary amount to ensure that their
  data and systems remain safe and that their SOC
  team has the resources necessary to deal with
  threats.

3
Security Operation Center

• The security operations center roles and
  responsibilities are fairly straight-forward, but
  distinct in their requirements.
• On the whole, organizations have had a tendency
  to undervalue cybersecurity. Security operations
  teams face myriad challenges they are often
  understaffed, overworked, and receive little
  visibility from upper management.

4
Significance Of Cyber Security

• If these companies knew what was at stake, you
  can bet that they would be willing to make larger
  investments in their SOC and team members. With
  new high-profile attacks capturing headlines
  daily, organizations are starting to emphasize
  the significance of cyber security automation and
  the security operations center is becoming a
  valued focal point.

5
Security Operations Center Roles and
Responsibilities

• Although all SOC teams may differ a bit from one
  another, most have roughly the same roles and
  responsibilities. Lets take a look at the basic
  roles and responsibilities of every SOC team. The
  average SOC team has many responsibilities that
  they are expected to manage across a number of
  roles. Typically SOC teams have positions that
  cover two basic responsibilities maintaining
  security monitoring tools and investigating
  suspicious activities.

6
Maintaining Security Monitoring Tools

• To effectively secure and monitor a system, there
  are many tools that the team must maintain and
  update on a regular basis. Without proper tools,
  it is impossible to effectively secure systems
  and networks. The security operations center
  roles and responsibilities require team members
  to maintain tools used throughout all security
  processes. This includes the collection of data.

7
Investigate Suspicious Activities

• With the help of tools mentioned above, the SOC
  team is responsible for investigating suspicious
  and potentially malicious activity within the
  networks and systems. Typically, your SIEM or
  analytics software will make them aware of
  potential issues by issuing alerts. Your team of
  analysts then examine the alerts, perform triage,
  and determine the scope of the threat.

8
Security Operations Center Roles and Positions

• Although the roles at any company may have
  different names, all organizations have similar
  responsibilities when it comes to cybersecurity.
  Here are the more common roles within a SOC team
  and the individual responsibilities that are
  associated with each role.

9
Security Analyst

• Security analysts are typically the first
  responders to incidents. They are the soldiers on
  the front lines fighting against cyber attacks
  and analyzing threats. In short, their job is to
  detect threats, investigate those threats, and
  respond to them in a timely fashion.
  Additionally, analysts may have responsibilities
  that involve implementing security measures as
  dictated by management.

10
Additional Roles

• Ofter times, larger security organizations have
  roles such as director incident response and/or
  director of threat intelligence. The director of
  incident response simply oversees and prioritizes
  actionable steps during the detection of an
  incident. The incident response manager oversees
  and prioritizes actions during the detection,
  analysis, and containment of an incident. T

11
Chief Information Security Officer

• Larger companies may have entire teams dedicated
  to this task. Typically, a CISO reports directly
  to the CEO and has direct contact with all of
  upper management. CISO positions go far past
  technical skills and also require communicating
  complicated issues to upper management that may
  not be knowledgeable in technical matters.

12
Conclusion

• Given the roles and complexity within a SOC it is
  wildly essential to provide visibility across the
  board. Its also important to be mindful that a
  solid SOC is 24/7 and multiple shifts and
  managing the workflow handoff seamlessly and
  prudently is a must. Defining the policies and
  procedures that govern individuals that are part
  of this team should be an ongoing process to
  better serve the team and organization as a
  whole.