Intelligent CIO Africa Issue 66 | Page 28

EDITOR’S QUESTION
DAVID BROWN, SECURITY OPERATIONS DIRECTOR AT AXON TECHNOLOGIES

The security operations centre (SOC) market in the Middle East is growing – not as fast as other regions, but it is rising. This growth comes from a combination of factors. The first is new, more stringent government regulations for many industry verticals. The second is the increased proliferation of cyberattacks across all regions, further fuelled by the growing move to cloud services, through which organisations are opening new attack paths. These attacks result in heavy financial and reputational losses to public and private, small and large organisations alike.

Some of the first policies that need consideration are the ones that have the notion of ‘Protecting everything equally’. This translates into protecting everything poorly. Some of the first security policies to roll out are data and asset classification policies. Data classification has two primary purposes: first, it allows defenders to understand the importance of data and second, it provides defenders with instant prioritisation. Asset classification also has two primary goals: firstly, it gives defenders instant prioritisation, and secondly, it allows defenders to understand attack paths. These policies are independent of a SOC but provide vital information to all security operations and tooling. The notion here is to provide a higher and more focused level of protection for critical data and assets while delivering standard protections for everything else.

If an organisation has a CISO role, it should also have some level of security operations centre or service. This honestly has nothing to do with the type of business, even though some industry verticals are more targeted than others; as the market has seen over the last few years, cybercrime touches all verticals, big, small, public, or private. Here is the real test: ask yourself and the other C-level executives, can the business survive, financially and reputationally, losing all data, a work stoppage of all information systems for days to weeks, and the theft and leaking of all client information? You might not need a SOC if you answered yes to all these. But if you answered anything else, then the answer is that your business is ideally suited to use services provided by a SOC.

This being the background, the SOC segment provides a myriad of cybersecurity posture improvements for regional CIOs. A SOC is one of the first lines of defence against attacks and breaches; 24 by 7 uninterrupted monitoring is critical to detecting the first signs of abnormal activity. Continuous monitoring (either proactive or reactive) is the first step in improving posture. The following steps in cybersecurity posture improvement come from visibility, speed, and agility, and this is delivered by SOCs with enhanced monitoring, detection, and response capabilities. A good SOC can play an active role in threat prevention, not just threat detection. This active threat prevention allows an organisation to stay ahead of potential attackers and issues. It reduces the effect of breaches when they happen and, therefore, the potential costs of the violation via data loss or reputation damage.