Overview
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Nicolas DUFOUR: Doctor of Management, Associate Professor - CNAM Lirsa, Risk manager, Antony, France
INTRODUCTION
The Security Office Center (often referred to as the SOC) is a risk management system deployed by public and private sector organizations to ensure they have the organizational, human and technical skills they need to guarantee enhanced preventive and reactive detection capability in the face of cyber risks.
The SOC can be defined as a primarily organizational device enabling an organization (company, administration) to equip itself with a detection and investigation capability in the face of security incidents it may be confronted with. SOCs also have to anticipate various external threats, such as attempted cyber-attacks, or internal threats, such as data leaks linked to employee malice, for example. The SOC's challenge is also to guarantee a high level of responsiveness, by industrializing the response to security incidents, and defining the processes for dealing with them. In most cases, this translates into a 24/7 on-call system.
This approach is based on the assumption that such incidents can occur at any time, and more particularly when in-house teams are not in a zone of vigilance, or are understaffed (nights, weekends).
The increase in cyber threats, now seen as risks both in terms of severity (critical impact in the event of a proven attack) and frequency (attacks are becoming a daily occurrence, whatever the sector of activity or company size), makes it increasingly essential for an organization to rely on an operational security center.
What's more, the Operational Security Center does not address a single risk, such as ransomware attacks, but rather a range of threat scenarios and vulnerabilities (denial-of-service attacks, external fraud, internal fraud), as part of a global risk management approach.
The operational security center provides operational monitoring of the company's security consoles. The teams making up the operational security center (system security engineers, investigation analysts) also have the means to take the first steps, known as emergency measures, in the event of a suspected incident. These are known as precautionary measures. These emergency measures make it possible to reduce, or even avoid, the impact of current attacks. They do not replace more global decisions, such as those taken by a crisis unit. They do, however, provide a basic foundation of measures to be taken prior to any crisis unit.
Even if the teams at an operational security center have the technical capabilities to implement certain remediation actions, it is up to the customer organization's internal decision-makers to define risk acceptance or refusal situations (with associated avoidance, transfer or treatment measures). This presupposes that the threats,...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Operational Security Center (SOC)
Bibliography
Bibliography
Standards
- Information security management systems – Requirements - ISO/IEC 27001 - 2022
- Information security, cybersecurity and privacy protection — Information security measures. - ISO/IEC 27002 - 2022
Regulations
Decree no. 2015-350 of March 27, 2015 on the qualification of security products and trust service providers for information system security purposes.
Decree no. 2015-351 of March 27, 2015 relating to the security of information systems of operators of vital importance and taken for the application of section 2 of chapter II of title III of book III of the first part of the legislative part of the Defense...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference