Draft of Chapter 7 of my book “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center” is complete and available for download. This chapter is about “Operate” part of the “Plan-Design-Build-Operate” strategy and covers such areas like:
- SOC governance
- Human Resource management
- Incident Detection and Response
- Managing SOC technology infrastructure
- Build and Improve use cases
- Dealing with stress and SOC burnout
- SOC reporting and metrics
- SOC and meeting compliance needs
- SOC best practices and pitfalls
The chapter summary and recommendations include:
- Importance of SOC governance can’t be emphasized enough. This is the most critical success factor for long-term success.
- Hiring the right kind of people, training, managing their stress levels, and scheduling shifts is very critical as well.
- The most important process for SOC is incident detection and response. Building and improving use cases, automation and use of SOAR technologies is part of it.
- Applying ITIL processes to manage SOC infrastructure is quite important.
- Meaningful metrics, automated reports, and dashboards do help not only in meeting compliance needs but also facilitate effective communications across broader IT teams as well as business leadership.
- Last, but not the least, maintain a risk register, plan for next year, and always be ready to respond to data breaches.
The chapter can be download from the link below. However please note that this is a draft and will be updated in the final version of the book.