Proceedings Article, DOI 10.1109/ICONIC.2018.8601251
Integrating a Security Operations Centre with an Organization’s Existing Procedures, Policies and Information Technology Systems
Muyowa Mutemwa, Jabu Mtsweni, Lukhanyo Zimba +2 more
- 01 Dec 2018
TL;DR: The challenges of integrating a newly developed SOC into an organization's existing IT environment, and how to show value for the large investments poured into designing, building and running a SOC, are discussed.
Abstract: A Cybersecurity Operation Centre (SOC) is a centralized hub for network event monitoring and incident response. SOCs are critical when determining an organization's cybersecurity posture because they can be used to detect, analyze and report on various malicious activities. For most organizations, a SOC is not part of the initial design and implementation of the Information Technology (IT) environment but rather an afterthought. As a result, it is not natively a plug-and-play component, so there are integration challenges when a SOC is introduced into an organization. A SOC is an independent hub that needs to be integrated with an organization's existing procedures, policies and IT systems, such as the service desk, ticket logging system and reporting. This paper discusses the challenges of integrating a newly developed SOC into an organization's existing IT environment. Firstly, the paper looks at which data sources should be incorporated into the Security Information and Event Management (SIEM) system for security posture monitoring, such as which host machines, servers, network endpoints, software, applications and webservers; that is, which systems need to be monitored first and the order in which the rest of the systems follow. Secondly, the paper describes how to integrate the organization's ticket logging system with the SOC SIEM: how cybersecurity-related incidents should be logged by both analysts and non-technical employees of an organization, together with the priority matrix for incident types and the notification of incidents. Thirdly, the paper looks at how to communicate awareness campaigns from the SOC and how to report on incidents that are found inside the SOC. Lastly, the paper looks at how to show value for the large investments that are poured into designing, building and running a SOC.
Citations
Security Operations Center: A Systematic Study and Open Challenges
TL;DR: In this article, a comprehensive literature survey is conducted to collate different views of security operations centres (SOCs); the discovered literature is then used to determine the current state-of-the-art of SOCs and derive their primary building blocks.
Reconceptualizing cybersecurity awareness capability in the data-driven digital economy
Shahriar Akter, Mohammad Rajib Uddin, Shahriar Sajib, Wai Jin Thomas Lee, Katina Michael, Mohammad Alamgir Hossain +5 more
TL;DR: In this article, the authors identify the various dimensions of cybersecurity awareness capabilities, including personnel (knowledge, attitude and learning), management (training, culture and strategic orientation), and infrastructure capabilities (technology and data governance).
A systematic method for measuring the performance of a cyber security operations centre analyst
TL;DR: In this paper, a weighted approach for measuring the performance of an analyst in a security operations centre (SOC) is proposed, referred to as the SOC analyst assessment method (SOC-AAM), which was evaluated in two SOCs as part of an experimental case study.
SOC Critical Path: A defensive Kill Chain model
01 Jan 2022
TL;DR: In this paper, the concept of SOC Critical Path (SCP) is introduced to detect and neutralize threats in defensive cyber-operations. It is a technology-independent model that provides an arrangement of mandatory steps, in the form of tactics, to be executed by Computer Network Defense teams to detect hostile cyber operations.
Blockade-detection-response based security operations dashboard design
Choong-Hee Han
- 01 Aug 2021
TL;DR: In this article, a security operations dashboard design based on Blockade-Detection-Response (BDR) is proposed to reduce the effort and time required for configuring a dashboard for VIPs, and contribute to the systematic security operations from the perspective of blockade, detection and response for everlasting cyber threats.