Contribution Which strategy should you adopt to boost your SOC’s in-house appeal? by Thomas Girard, CS
Articles by the same author:
1
2
3
4
CS is a designer and integrator of security systems that allows CISOs to increase the visibility of a SOC (Security Operations Centre) and enhance its attractiveness to a company’s hierarchy: Board of Directors, Risk Management Department, etc.
Designing, integrating, rolling out and operating a SOC requires investment — in technical means, change management and human resources. However, while cybersecurity incidents are increasing, the budgets of companies dedicated to Information Systems Security are decreasing. CISOs are thus faced with a dual challenge: to set up a SOC that is as efficient as possible, and to win the support of the company’s Board of Directors in order to obtain the necessary investment.
A SOC is to a security team what a control tower is to an aeroplane pilot: it is a system that detects incidents, prevents risks, issues warnings and aids decision-making.
It helps the company meet its main objective: to ensure the continuity of its core business by adapting to the pressures and risks linked to hyper-connectivity as efficiently and as quickly as possible.
Due consideration for company standards (in terms of risks, threats and impacts) and for functional and technical architecture makes it possible to outline the services to be implemented and to establish a SOC’s scope. Is it necessary to have a SOC on a group level? On a regional level? On a local level? What are the functional parameters to be covered (mobile hosting, professional applications, etc.)?
All of these elements make it possible to specify the technical architecture of the SOC: centralised vs. decentralised, volumes, teams, and so on.
The establishment of a SOC is a strategic project that affects the whole company. This means that a SOC project must above all be supported by the Board of Directors so that security forms an integral part of the company.
However, it is also a project in which all stakeholders (such as operational teams and clients) must be connected and kept informed by means of RETEX (a feedback methodology), professional dashboards and information from cyber surveillance.
It must also be possible to use the SOC to meet the obligations imposed on VOs (Vital Operators) within the framework of the 2014–2019 French Military Planning Law (FMPL), particularly with respect to incident reporting. This involves implementing a system of detecting cyber attacks and reporting significant security incidents to the competent authorities.
A surveillance strategy makes it possible to formalise a SOC’s functioning in order to ensure good management. It is generally based on a document that defines the SOC’s scope, architecture, maintenance processes and various rules, and is founded on knowledge and project monitoring.
While its primary objective is to ensure proper surveillance of the IT assets, it is also an excellent means of ensuring a SOC’s effectiveness and directing it as it becomes more powerful.
It is humanly impossible to cover everything, whether in terms of risk analysis or the selection of threat scenarios. Thus, some choices need to be made:
|
These strategic choices can be broken down to create a solid supervision policy: elements necessary to detect predefined threat scenarios, standards to formalise the process, architecture to be implemented, reporting, etc. Don’t forget to make a provision for specific daily reporting for your BoD or RMD — a timed five-minute report every morning, for example. To prepare yourself for the 2014–2019 French Military Planning Law, get involved in the SECEF (SECurity Exchange Format) online community at: www.secef.net |
Implementation includes provisions for translating ISS principles into practices and establishing organisation and process models. This phase may also allow awareness raising throughout the hierarchy: it is sufficient to make sure you have a dedicated demo interface to sell the SOC in house just as you would to a client. |
The Security Maintenance phase makes it possible to ensure your SOC’s continued optimum performance. It also allows the impacts of an attack to be analysed. To reassure your company’s hierarchy of the SOC’s reliability, why not simulate a crisis in which the BoD is the immediate victim, and give them a concrete demonstration of your system’s effectiveness? |
About CS
CS is a major player in the design, integration and operation of critical systems. As a designer and integrator of security systems, CS is currently the only French company with a complete range of high-security solutions and products entirely designed and developed in France. CS is listed on Euronext Paris compartment C (share codes: Euroclear 7896/ISIN FR 0007317813).
To learn more, visit www.c-s.fr