Cyber security operations centre: Security monitoring for protecting business and supporting cyber defense strategy

Abstract: Cyber security operations centre (CSOC) is an essential business control aimed to protect ICT systems and support an organisation's Cyber Defense Strategy. Its overarching purpose is to ensure that incidents are identified and managed to resolution swiftly, and to maintain safe & secure business operations and services for the organisation. A CSOC framework is proposed comprising Log Collection, Analysis, Incident Response, Reporting, Personnel and Continuous Monitoring.Further, a Cyber Defense Strategy, suppo… Show more

“…With the increase in cyber-attacks, the establishment of SOC as organizational monitoring to contain these widespread problems is relevant and a must. [20], [21], [22], [23].…”

“…It must include the incident management, digital forensic and reporting elements to ensure the success of the SOC. Table 2 highlights the comparison between two proposed frameworks of SOCs by [21] and [23].…”

“…Thus, this implies that the range of monitoring, analysis, and response can be categorized as the necessary scope that must exist for a sustainable SOC. In term of threat intelligence, the study by [21] does not mention the threat intelligence in the analysis function.…”

“…In addition to that, the framework in [23] makes essential cyber security functions such as vulnerability scans and penetration testing functions as part of the SOC. This function is not specified in the study by [21] because generally this function can be implemented by the organization's ITC or any qualified third party. The survey by [23] believes that every SOC has different implementation and design and depends on the method of administration of their respective organizations.…”

“…The requirements of the Threat Intelligence function are in line with the knowledge and skills required by Cyber Security Operation Center personnel [6], [7], [8], [20], [21], [22], [23]. The personnel must acquire with required skill and knowledge as it can help them to understand the scenario happens in the incident and react accordingly.…”

Success Factors for Cyber Security Operation Center (SOC) Establishment

“…With the increase in cyber-attacks, the establishment of SOC as organizational monitoring to contain these widespread problems is relevant and a must. [20], [21], [22], [23].…”

“…It must include the incident management, digital forensic and reporting elements to ensure the success of the SOC. Table 2 highlights the comparison between two proposed frameworks of SOCs by [21] and [23].…”

“…Thus, this implies that the range of monitoring, analysis, and response can be categorized as the necessary scope that must exist for a sustainable SOC. In term of threat intelligence, the study by [21] does not mention the threat intelligence in the analysis function.…”

“…In addition to that, the framework in [23] makes essential cyber security functions such as vulnerability scans and penetration testing functions as part of the SOC. This function is not specified in the study by [21] because generally this function can be implemented by the organization's ITC or any qualified third party. The survey by [23] believes that every SOC has different implementation and design and depends on the method of administration of their respective organizations.…”

“…The requirements of the Threat Intelligence function are in line with the knowledge and skills required by Cyber Security Operation Center personnel [6], [7], [8], [20], [21], [22], [23]. The personnel must acquire with required skill and knowledge as it can help them to understand the scenario happens in the incident and react accordingly.…”

Success Factors for Cyber Security Operation Center (SOC) Establishment

Cyber Incident Classification: Issues and Challenges

An Introduction to Security Operations