RE: Designing a Security Operations Center - Looking for Ideas -

Subject: RE: Designing a Security Operations Center - Looking for Ideas -
Date: Thu, 18 Nov 2004 16:52:04 -0600
Have you looked at Tenable? 

-----Original Message-----
From: Murtland, Jerry [mailto:MurtlandJ@Grangeinsurance.com] 
Sent: Thursday, November 18, 2004 1:42 PM
To: 'Terry S'; security-management@securityfocus.com
Subject: RE: Designing a Security Operations Center - Looking for Ideas -

Terry,
I'm not sure as to your background, but a good place to start would be
to determine what all you want to monitor and during what operational
time.
For example, I monitor firewall logs, syslogs, IDS alerts, Security
Informational Bulletins, and perform regular vulnerability assessments
in my SOC.  I am also building an Identity Management practice to be
coming soon.
This will entail monitoring login alerts and monitoring expired/lockout
accounts and reviewing logs for duplicates.  One thing for sure, if you
have to monitor as much as this, you will need a good log correlation
tool.  I am evaluating a couple right now.  NetForensics and Network
Intelligence are two that I'm looking at right now.  Not endorsing
either because I'm not entirely sold on either at this point.  It would
help if we knew what your experience was, to what scale you intend to
monitor your systems, and what your goal is with the SOC.  If you don't
have much experience with security and you don't have the staff to
support a full operation, you may want to consider outsourcing some of
it until you gain the familiarity with some of the tools you decide on.
This will introduce you to the operational side of the house and give
you some exposure to things without having to rush off to training and
starting from green pastures.

Whatever you decide, it's not an easy task.  Good luck with it.

Jerry J. Murtland, CISSP
Sr. Data Security Analyst
Information Security Dept



-----Original Message-----
From: Terry S [mailto:dts15@yahoo.com]
Sent: Tuesday, November 16, 2004 12:17 PM
To: security-management@securityfocus.com
Subject: Designing a Security Operations Center - Looking for Ideas -

Hello to all,

I have been tasked to design a Security Operations Center (SOC) for my
company and wanted to know if there are any good papers, links,
books.....?


I am also looking for anyone who has done one and what advice you can
provide? 

Thanks,
Terry

