
RE: Designing a Security Operations Center Looking for Ideas -

Subject: RE: Designing a Security Operations Center Looking for Ideas -
Date: Fri, 19 Nov 2004 17:57:44 -0500
Terry,

I would agree with Mark on the advice that he has provided. I would go
on to add that setting up an effective security program and
operationalizing it in an organization involves several key areas.

First and foremost, one needs to identify the program elements that are
aligned to the success of your organization. Some examples of program
elements which are part of a security program are:

1. Governance
2. Program Quality Assurance
3. Identity, Access & Entitlement Management
4. Third Party or Vendor Access Management
5. Training & Awareness
6. Business Continuity
7. Information Security & Technology Operation
8. Testing

The above is a short list and could differ depending on the challenges
faced within your organization.

Once you have defined the strategic drivers and vision for each of the
program elements, you will need to then start several key tactical
initiatives with the use of internal staff + consultants as needed to
achieve the vision. 

The complexity of the initiation and roll-out depends on the size of your
organization and its geographic span. Also, regulatory factors based on
the industry that your organization is in will drive many of your
requirements and implementation deadlines.

Check the following web sites:

http://www.gocsi.com/
http://prisma.nist.gov/index.html

They provide some good training and links.

Good luck, and do not hesitate to contact me if you need further
guidance.

Regards,
Shree

_____________________________________________________________
Shree Parthasarathy (Par tha sarah thee) CISSP, CISM
Senior Manager
DELOITTE & TOUCHE LLP | 2 WFC | New York | NY | 10281
Office: 212.436.5485 | Toll-Free 800.328.8782 ext. 5485 
Fax: 212.653.6140 | Mobile: 646.637.8560 
sparthasarathy@deloitte.com | http://www.deloitte.com

-----Original Message-----
From: Weatherford, Mark T. [mailto:Mark.T.Weatherford@mdnt.com] 
Sent: Friday, November 19, 2004 12:52 PM
To: Terry S; security-management@securityfocus.com
Subject: RE: Designing a Security Operations Center Looking for Ideas -

Terry,

Advice is free but should always be taken with a dose of reality because
every situation and organization is different and the biggest challenge
is always determining and then meeting requirements with the limited
(aren't they always) resources available.  Setting up a SOC is a
challenging but not impossible task.  

My first advice is to hire the best people you can find and afford to
achieve the level of defense in depth you need for your organization.
You can hit the ground running if you have qualified information
security engineers, analysts, and architects.  This is not trivial
because they bring a wealth of experience that will help you avoid a lot
of potholes! Multiple IDS's (host and network), firewall logs, syslog,
system patching, anti-virus maintenance, spam filtering, incident
response, etc, etc, all take manpower, but you can achieve great
economies of scale by having savvy people who can perform multiple
functions efficiently...and that's the key!

The link to the paper Ed sent "Best Practices for Building a Security
Operations Center White Paper" is excellent and I also suggest rummaging
through the SANS Reading Room (http://www.sans.org/rr/) where you can
find tons of good info.  There are a lot of other books and white papers
that will give you things to think about but from my experience, the
only way to do it is to do it!  The best kind of experience that truly
adds to the treasure chest of knowledge is the proverbial "scab on the
knee." 

Also, if you have four extra days and the CFO has thrown you a few
bucks, Carnegie Mellon's Software Engineering Institute (SEI) has the
"Creating a Computer Incident Response Team" (1 day) and "Managing
Computer Incident Response Teams" (3 days) courses that are excellent.
Don't be put off by the narrow-sounding titles of the courses; you'll
get valuable information for what you need in a SOC.

Good luck,
Mark

Mark Weatherford, CISSP, CISM
Raytheon - Information Assurance Program Manager
Colorado Springs, CO 
 

-----Original Message-----
From: Terry S [mailto:dts15@yahoo.com] 
Sent: Tuesday, November 16, 2004 10:17 AM
To: security-management@securityfocus.com
Subject: Designing a Security Operations Center Looking for Ideas -



Hello to all,

I have been tasked to design a Security Operations Center (SOC) for my
company and wanted to know if there are any good papers, links,
books.....?  

I am also looking for anyone who has done one and what advice you can
provide? 

Thanks,
Terry

