Intelligent CIO Africa Issue 66 | Page 27

EDITOR'S QUESTION
MARK ORLANDO, ASSOCIATE INSTRUCTOR, SANS INSTITUTE

The Middle East has continued to see rapid growth in security operations in response to sustained financially and politically motivated cyberattacks in the region. This has meant significant investments in managed security services and security technology and a steep rise in the demand for skilled staff.

Before the security operations team can make decisions about what constitutes unusual or malicious activity, executives must set requirements for how enterprise IT is to be built and used. Organisational security policies should outline standard configurations, hardening guidelines, minimum security controls, regulatory and safety considerations, and activities that constitute abuse or misuse of corporate resources. The answers to these questions drive key SOC functions like data collection, alert triage, and incident response. Security and incident response policies should also clearly define lines of authority for how incidents can be contained and remediated. Without this authority, the security team will be ineffectual regardless of its size and capabilities.

Making security investments commensurate with the size, scale, and speed of IT transformation and digitisation efforts can be a major challenge. However, including security capabilities in these initiatives as early as possible improves resilience and reduces the likelihood that security will be disruptive to users or business processes. Any business relying on information technology to create value could benefit from a SOC. The real question is, what SOC strategy makes the most sense and how is that strategy aligned to the business?

Smaller organisations tend to rely more heavily on external consultants and service providers to bolster their capabilities, while larger organisations can more easily justify investing in dedicated internal security teams. Whichever approach is used, SOC capabilities must reflect the risk appetite and strategic goals of the business in everything from the technologies used, to how incidents are contained, to impacts on user productivity. The business must also be prepared to act upon the decision support the SOC will provide regarding new threats or changing trends. With CIOs and CISOs facing so many challenges when implementing SOCs within their organisations, pundits warn that they should avoid certain pitfalls when developing their own SOC or when outsourcing services from a SOC.

They must have well-defined goals for their SOC and provide the necessary resources, visibility, and authority to achieve those goals. Is the goal of the SOC to ensure regulatory compliance, identify and respond to threats, minimise disruption due to attacks, or all of the above? Success is impossible without first defining these requirements and developing key performance indicators that show whether the SOC is achieving its goals.

This is particularly true when building a SOC, where data collection and incident response can be far more costly and technically challenging when integrated later in the IT engineering process. CIOs should also consider their requirements for a SOC: what are they most concerned about from a cybersecurity perspective, and what capabilities or insights might a SOC offer to alleviate those concerns?

CIOs and CISOs must also be ready to respond to the insights the SOC provides. If the organisation is unwilling to transform IT infrastructure or alter strategy based on evolving threats and attack trends, then it is less likely the SOC will be able to provide real value. This lack of responsiveness also makes it difficult to hire and retain skilled staff who want to feel like they are doing meaningful work.