Building and Managing an Effective Security Operations Center
Internal Audit and IT Audit Series

Author:

Language: English

Subjects for Building and Managing an Effective Security Operations...

Approximate price 109.32 €

Not Yet Published

· 15.6x23.4 cm · Paperback

Information security operations involve monitoring, assessing, and defending enterprise information systems. For organizations without a formalized incident-handling capability, creating from scratch a security operations center that enables centralized visibility, alerting, and investigation can be a daunting task. Fortunately, organizations don't need a room full of security experts and an investment of millions of dollars in security systems to make progress here. This book explains how to develop an effective security operations center (SOC) and provides a roadmap for continuously evolving this capability to keep pace with the tactics of the adversaries.

Roles of Security Operations: IT Security Specialists and Security Analysts. The Role of Forensics and the IT Audit Discipline. Executive Level IT Security Roles. Simulating and Mitigating Threats: Documenting Abstraction and What to Anticipate. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (STRIDE). Modeling tools for Threat Analysis. Social Hacking: Never ‘Too Much’ Information. Disguise. Persuasion. IT Security Operations and Privacy: Protecting Confidential Data. Assessing Impact. IT Security Documentation: Business Impact Assessments. Disaster Recovery Documentation. Technical Aspects of Security Operations: Execution of Network Security Monitoring (NSM) and Audit Logs. Packet Analysis. Defending the Applications, Servers and Clients. Collateral Duties of Security Operations: Policy, Configuration Management, Password Administration and Management, and Proactive Audit Preparation.

Academic and Professional Practice & Development