Designing and Building a Security Operations Center

Book Description

Do you know what weapons are used to protect against cyber warfare and what tools to use to minimize their impact? How can you gather intelligence that will allow you to configure your system to ward off attacks? Online security and privacy issues are becoming more and more significant every day, with many instances of companies and governments mishandling (or deliberately misusing) personal and financial data.

Organizations need to be committed to defending their own assets and their customers’ information. Designing and Building a Security Operations Center will show you how to develop the organization, infrastructure, and capabilities to protect your company and your customers effectively, efficiently, and discreetly.

Written by a subject expert who has consulted on SOC implementation in both the public and private sector, Designing and Building a Security Operations Center is the go-to blueprint for cyber-defense.

  • Explains how to develop and build a Security Operations Center
  • Shows how to gather invaluable intelligence to protect your organization
  • Helps you evaluate the pros and cons behind each decision during the SOC-building process

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Author Biography
  6. Technical Editor Biography
  7. Foreword
  8. Acknowledgments
  9. Chapter 1: Efficient operations
    1. Abstract
    2. Defining an operations center
    3. Purpose of the operations center
    4. Emergency operations center
    5. Mission operations center
    6. Threat operations center
    7. Network operations center
    8. Let us build a SOC!
    9. Technology phase
    10. Organizational phase
    11. Policy phase
    12. Operational phase
    13. Intelligence phase
    14. Plan your SOC
    15. Logs
    16. Event
    17. Alerts
    18. False positive
    19. True positive
    20. False negative
    21. True negative
    22. Incidents
    23. Problems
    24. Define your requirements
    25. Summary
  10. Chapter 2: Identify your customers
    1. Abstract
    2. Internal versus external customers
    3. Human resources
    4. Legal
    5. Audit
    6. Engineering/R&D
    7. IT
    8. External customers
    9. Customer objectives
    10. Service level agreements
    11. Build and document your use cases
    12. Use case: unauthorized modification of user accounts
    13. Stakeholders: compliance and audit departments
    14. Use case: disabled user account reactivated
    15. Stakeholders: HR and IT
    16. Use case: any IDS event that scores over a severity of 7
    17. Use case: AV failure
    18. Stakeholders: desktop support team, IT server management teams
    19. Use case: security device outage
    20. Stakeholders: security and IT
    21. Use case rule summary
    22. Use case: top vulnerabilities detected in the network
    23. Stakeholders: security, IT, audit, and management
    24. Use case reporting summary
    25. Expectations
  11. Chapter 3: Infrastructure
    1. Abstract
    2. Organizational infrastructure > operations infrastructure > support infrastructure
    3. Organizational security infrastructure
    4. Perimeter defenses
    5. Network defense
    6. Host defenses
    7. Application defenses
    8. Data defense
    9. Policies and procedures
    10. Security architecture
    11. SIEM/log management
    12. Operation center infrastructure
    13. Building the ticket system
    14. Subject
    15. Parsed values from events
    16. Time ticket created
    17. User\group\queue
    18. Source (SIEM, email, phone)
    19. Category
    20. Status
    21. Reason codes
    22. Acknowledgment/ticket feedback
    23. Workflow and automation
    24. Portal interface
    25. Mobile devices
    26. Support infrastructure
    27. Physical
    28. Private SOC network
    29. Video walls
    30. Video projectors
    31. Labs
  12. Chapter 4: Organizational structure
    1. Abstract
    2. Different reporting lines
    3. Legal
    4. CISO
    5. CIO
    6. Compliance
    7. SOC organization
    8. Engineering
    9. Security architecture
    10. Security monitoring and analysis
    11. Responsibility
    12. Authority
    13. Fulfilling needs
  13. Chapter 5: Your most valuable resource is your people
    1. Abstract
    2. Operational security
    3. Culture
    4. Personality
    5. Core skill sets
    6. Analysts
    7. Security analyst—job description
    8. Security engineering
    9. Security operations engineer—job description
    10. Security architect
    11. Security architect—job description
    12. SOC team lead
    13. SOC team lead—job description
    14. SOC management
    15. SOC manager—job description
    16. SOC games
    17. Special projects
    18. Do not forget your people
  14. Chapter 6: Daily operations
    1. Abstract
    2. Problem and change event communications
    3. Shift turn overs
    4. Daily operations calls
    5. Critical bridges
    6. IR
    7. Detection
    8. Confirmation
    9. Analysis
    10. Containment
    11. Recovery
    12. Review
    13. Communication plan
    14. Regular workshops
    15. Checklists
    16. Shift schedules
    17. Types of shift schedules
    18. Other shift options
    19. Follow the sun
    20. Shift rotation
    21. Dealing with absenteeism
  15. Chapter 7: Training
    1. Abstract
    2. Internal functional training
    3. Internal skill set training
    4. Summary
  16. Chapter 8: Metrics
    1. Abstract
    2. Heads up display
    3. Supervisor metrics
    4. Vulnerabilities
    5. Vulnerability prioritizing
    6. Base CVSS2 threshold
    7. Temporal CVSS2 threshold
    8. Asset prioritizing as a part of metrics
    9. Historical monitoring of patches
  17. Chapter 9: Intelligence
    1. Abstract
    2. Know thyself
    3. Known IP space, know thy enemy
    4. Blacklists
    5. Black listing projects
    6. Other types of lists
    7. Organizations and industry partners
    8. Proactive activity monitoring
  18. Chapter 10: Outsourcing
    1. Abstract
    2. Types of MSSPs
    3. Advantages of MSSP outsourcing
    4. Disadvantages to MSSP outsourcing
    5. How the services will be delivered
    6. Summary
  19. Chapter 11: Do not forget why you are here
    1. Abstract
  20. Appendix A
  21. Appendix B
  22. Appendix C
  23. Glossary
  24. Index