
RE: Designing a Security Operations Center Looking for Ideas -

Subject: RE: Designing a Security Operations Center Looking for Ideas -
Date: Fri, 19 Nov 2004 12:51:30 -0500
Terry,

Advice is free but should always be taken with a dose of reality because
every situation and organization is different and the biggest challenge
is always determining and then meeting requirements with the limited
(aren't they always) resources available.  Setting up a SOC is a
challenging but not impossible task.  

My first advice is to hire the best people you can find and afford to
achieve the level of defense in depth you need for your organization.
You can hit the ground running if you have qualified information
security engineers, analysts, and architects.  This is not trivial
because they bring a wealth of experience that will help you avoid a lot
of potholes! Multiple IDS's (host and network), firewall logs, syslog,
system patching, anti-virus maintenance, spam filtering, incident
response, etc, etc, all take manpower but you can achieve great
economies of scale by having savvy people who can perform multiple
functions efficiently...and that's the key! 

The link to the paper Ed sent "Best Practices for Building a Security
Operations Center White Paper" is excellent and I also suggest rummaging
through the SANS Reading Room (http://www.sans.org/rr/) where you can
find tons of good info.  There are a lot of other books and white papers
that will give you things to think about but from my experience, the
only way to do it is to do it!  The best kind of experience that truly
adds to the treasure chest of knowledge is the proverbial "scab on the
knee." 

Also, if you have four extra days and the CFO has thrown you a few
bucks, Carnegie Mellon's Software Engineering Institute (SEI) has the
"Creating a Computer Incident Response Team" (1 day) and "Managing
Computer Incident Response Teams" (3 days) courses that are excellent.
Don't be put off by the narrow sounding titles of the courses, you'll
get valuable information for what you need in a SOC.

Good luck,
Mark

Mark Weatherford, CISSP, CISM
Raytheon - Information Assurance Program Manager
Colorado Springs, CO 
 

-----Original Message-----
From: Terry S [mailto:dts15@yahoo.com] 
Sent: Tuesday, November 16, 2004 10:17 AM
To: security-management@securityfocus.com
Subject: Designing a Security Operations Center Looking for Ideas -



Hello to all,

I have been tasked to design a Security Operations Center (SOC) for my
company and wanted to know if there are any good papers, links,
books.....?  

I am also looking for anyone who has done one and what advice you can
provide? 

Thanks,
Terry
