The SOC methodology

First, let the extract of a SOC workflow (next graphic) sink in (the shift handover, the daily routine tasks and the end of the shift are omitted for a better overview). Please remember that the SOC handles the fast processing of events. If these are known, or easy to solve, they are forwarded from the SOC to the relevant division (IT security, networking, servers etc.). If events are not easy to solve or completely unknown, they will be […]

The CSIRT methodology

If you have read my blog carefully, the article about the C4ISR methodology will surely stick in your mind. Many of the military procedures can be adopted for our plan to build a functioning SOC / CSIRT / forensics team, of course with some changes. Let's define the necessary elements: SOC (according to English Wikipedia; in italics: according to my methodology). A Security Operations Center (SOC) is a central unit that deals with security issues at the organizational and technical levels. […]

C⁴ISR: What we can learn from the military

C⁴ISR stands for command and control, communications, computers, intelligence, surveillance, and reconnaissance. Since 2005 I have been building or reorganizing SOCs (Security Operation Centers) and establishing CSIRTs (Cyber Security Incident Teams), among others for Saudi Telekom and Saudi Aramco (during my time in Saudi Arabia) and at RadarServices GmbH in Vienna as Global SOC Manager, with up to 30 SOC employees in 24×7 operation or on the Follow-the-Sun principle (at 3 locations around the world with an 8h difference each). What […]