Looking for a Career in Security Operations Centre (SoC)?

Author: The author, Lieutenant Col Amit Sharma, SM, is a President-awarded veteran working in operational logistics, facility management, corporate affairs, and physical & corporate security functions, as well as technical convergence. He provides strategic advisory and solutions at all levels of management functions in a consulting role. Lieutenant Col Amit Sharma is available for designing and implementing anti-fraud strategies.

Introduction

Cybersecurity threats are difficult to detect and mitigate. Companies need an organization that can take responsibility for information security and create an efficient process for detection, mitigation, and prevention. This is where a security operations center (SOC) comes in. SOC, is a centralized location where an information security team monitors, detects, analyzes, and responds to cybersecurity incidents. On a larger scale, there are also Global Security Operations Centers (GSOC), which ensure a big-picture view of what is happening across bigger organizations. Smaller organizations are setting up lightweight SOCs, such as a hybrid SOC, which combines part-time, in-house staff with outsourced experts, or a virtual SOC, which has no physical facility at all, and is a team of in-house staff who also serve other functions. SOC teams isolate unusual activity on servers, databases, networks, endpoints, applications, etc., identify security threats, investigate them, and react to security incidents as they occur.

Why is SOC Needed?

SOCs offer assurance that threats will be detected and prevented in real time. They can:

• React faster. The SOC provides a centralized, complete, real-time view of how the entire infrastructure is performing from a security standpoint, despite having several locations and thousands of endpoints. One can detect, identify, prevent and resolve issues before they cause too much trouble for the business.
• Protect consumer and customer trust. Consumers are already skeptical of most companies and are worried about their privacy. Creating a SOC to protect consumer and customer data can help build trust in an organization. And of course, preventing breaches protects that trust.
• Minimize costs. While many organizations think establishing a SOC is cost prohibitive, the cost associated with a breach — including the loss of data, corrupted data or customer defection – are much higher.

Functions of SOC

Proactive, around-the-clock surveillance of networks, hardware and software for threat and breach detection, and incident response. The functions that are performed but not limited to following:

• Expertise on all the tools, including third-party vendors, to ensure they can easily resolve security issues.
• Installation, updating and troubleshooting of application software.
• Monitoring and managing of firewall and intrusion prevention systems.
• Scanning and remediation of antivirus, malware, and ransomware solutions.
• Email, voice, and video traffic management.
• Patch management and authorization.
• Deep analysis of security log data from various sources.
• Analysis, investigation, and documentation of security trends.
• Investigation of security breaches to understand the root cause of attacks and prevent future breaches.
• Enforcement of security policies and procedures.
• Backup, storage, and recovery.

The SOC uses a range of tools that collect data from across the network and various devices, monitors for anomalies and alerts staff of potential threats. The SOC is tasked with finding weaknesses – both outside and within the organization — through ongoing software and hardware vulnerability analysis, as well as actively gathering threat intelligence on known risks. SOC staff are proactively looking at ways to improve security. Vulnerability assessment includes actively trying to hack their own system to find weaknesses, which is known as penetration testing. Additionally, a core role of SOC personnel is security analysis. ensuring that the organization is using the correct security tools, optimally, and assessing what is and is not working.

Workforce in SOC

The SOC is made up of highly skilled security analysts and engineers. These are professionals trained specifically to monitor and manage security threats. They know specific processes to follow if the infrastructure is breached. Most SOCs adopt a hierarchical approach to manage security issues, where analysts and engineers are categorized based on their skill set and experience. A typical team might be structured something like this.

• Level 1. The first line of incident responders. These security professionals watch for alerts and determine each alert’s urgency as well as when to move it up to Level 2. Level 1 personnel may also manage security tools and run regular reports.
• Level 2. These personnel usually have more expertise, so they can quickly get to the root of the problem and assess which part of the infrastructure is under attack. They will follow procedures to remediate the problem and repair any fallout, as well as flag issues for additional investigation.
• Level 3. At this level, personnel consist of high-level expert security analysts who are actively searching for vulnerabilities within the network. They will use advanced threat detection tools to diagnose weaknesses and make recommendations for improving the organization’s overall security. Within this group, one might also find specialists, such as forensic investigators, compliance auditors or cybersecurity analysts.
• Level 4. This level consists of high-level managers and chief officers with the most years of experience. This group oversees all SOC team activities and is responsible for hiring and training, plus evaluating individual and overall performance. Level 4s step in during crises, and, specifically, serve as the liaison between the SOC team and the rest of the organization. They ensure compliance with organization, industry, and government regulations.

The SOC Jobs and Job Descriptions

Security professionals will find the following jobs listed against SOC vacancies and they should include the skill set under them to find the right job:

• Security Analyst. The first to respond to incidents. Their response typically occurs in three stages. threat detection, threat investigation, and timely response. Security analysts should also ensure that the correct training is in place and that staff can implement policies and procedures.
• Security Engineer/Architect. Maintains and suggests monitoring and analysis tools. They create a security architecture and work with developers to ensure that this architecture is part of the development cycle. A security engineer may be a software or hardware specialist who pays particular attention to security aspects when designing information systems. They develop tools and solutions that allow organizations to prevent and respond effectively to attacks. They document procedures, requirements, and protocols.
• SOC Manager. Manages the security operations team and reports to the CISO. They supervise the security team, provide technical guidance, and manage financial activities. The SOC manager oversees the activity of the SOC team, including hiring, training, and assessing staff. Additional responsibilities include creating processes, assessing incident reports, and developing and implementing crisis communication plans. They write compliance reports, support the audit process, measure SOC performance metrics, and report on security operations to business leaders.
• Chief Information Security Officer (CISO). Defines the security operations of the organization. They communicate with management about security issues and oversee compliance tasks. The CISO has the final say on policies, strategies, and procedures relating to the organization’s cybersecurity. They also have a significant role in compliance and risk management and implement policies to meet specific security demands.
• The Director of incident response (IR) is a role in larger security organizations that is responsible for managing incidents as they occur and communicating security requirements to the organization in the case of a significant data breach.
• Compliance Auditor. Helps to standardize processes. Oversees compliance protocols.
• Threat Responder. Involved in activities associated with threat and incident response.
• Forensic Investigator. Examines and analyzes a threat’s structure, components, source, purpose, and the extent to which it has infiltrated and affected business systems.

The Tools

The tools that are used in the SOC include:

• Asset Directory. Provides insight into the systems, devices, and tools operating in IT environment.
• Asset Discovery. The asset discovery & inventory capabilities of good tools helps a SOC analysts.
• Vulnerability Assessment. Flexibility is one of the most important aspects of doing vulnerability assessment well. At peak hours, vulnerability scans can disrupt network and system performance.
• Behavioral Monitoring. At its most basic, effective cyber security monitoring comes down to exception management. What activities represent exceptions to the norm? (e.g., policy violations, error messages, spikes in outbound network activity, unexpected reboots, etc.) What is required for all this to work is an understanding of what the “norm” looks like. Creating a baseline of system and network behavior provides the essential foundation with which to spot anomalies-which often signal the presence of cyber adversaries. To capture a baseline, it’s critical to combine behavioral monitoring technologies, to provide a full, 360-degree perspective. Additionally, applying correlation rules against this data will help in identifying and classify the latest risks, as well as capture data to support in-depth forensic investigations.
• Intrusion Detection. Through a combination of proprietary research, collaboration with other security research institutions, and insights from the community-driven threat data one can scale up the level of research.
• Security Information and Event Management (SIEM) Solution. Provides real-time event monitoring, analysis, and alerts. SIEM components may include data aggregation, threat intelligence, correlation, machine learning, alerting, dashboards, compliance, data retention, and forensic capabilities.
• Endpoint Detection and Response. Provides visibility and containment options.
• Network Detection and Response. Captures, analyzes, and helps to block threats.
• Log Collection and Aggregation. Offers log availability and retention through a centralized repository to assist with analysis.
• Automated Malware Analysis and Sandboxing. Provides understanding of malware purpose and generates indicators of compromise (IOCs).
• Disassembler and Debugging Technologies. Assists SOC teams when reverse engineering and analyzing complex binaries to determine threat purpose, functionality, and capabilities.
• Threat Intelligence Platforms. Collects and aggregated internal and external sources of information for investigation.
• Cross-platform Acquisition Hardware and Software. Provide acquisition of forensically sound disk and memory images across operation systems.
• Case Management, Indexing, and Preliminary Analysis Capabilities. Captures case-related data and tracking information, performs analysis, and gathers results for investigation.
• Cloud-based Acquisition Solutions. Collects data from third-party services, such as Amazon Web Services, Microsoft 365, Google, iCloud, Facebook, Instagram, and Twitter, and performs data analysis.
• Mobile Acquisition Hardware. Acquires forensic images from mobile devices and performs analysis for investigation purposes.
• Remote Collection Capabilities. Pulls artifacts, system information, and forensic images remotely, without the need for local access.

Difference between a SOC and a Network Operations Centre (NOC)

While the SOC is focused on monitoring, detecting and analyzing an organization’s security health, the main objective of the NOC, or network operations center, is to ensure that the network performance and speed are up to par and that downtime is limited. SOC engineers and analysts search for cyberthreats and attempted attacks, and respond before an organization’s data or systems are compromised. NOC personnel search for any issues that could slow network speed or cause downtime. Both proactively monitor in real-time, with the goal of preventing problems before customers or employees are affected, and search for ways to make continual improvements so that similar issues don’t crop up again. A combination of a SOC with a network operations center (NOC), this model has a dedicated team, facility, and infrastructure. A multifunction SOC/ NOC goes beyond security functions to include IT operations, compliance, and risk management. The main advantage of this model is reduced cost, because it consolidates personnel and minimizes capital outlay. It is best suited for smaller organizations with low-risk exposures and those that already have overlapping security responsibilities across different teams. The multifunction SOC/NOC includes less emphasis on security. While the multifunctional team performs core security tasks, dividing attention over different IT, network, and security needs inevitably results in weaker security defenses. Additionally, a multifunctional team needs to have broader skill sets to address a wide variety of issues. This means they are not likely to have deep security expertise. That’s a big downside, because defending against today’s sophisticated and evolving threats requires advanced, up-to-date knowledge of security best practices.

Responsibilities of SOC

SIEM system collects logs and events from hundreds of security tools and organizational systems, and generates actionable security alerts, to which the SOC team can analyze and respond. A SOC team has many responsibilities:

• Maintaining security monitoring tools. The team must maintain and update tools regularly. Without the correct and most up-to-date tools, they can’t properly secure systems and networks. Team members should maintain the tools used in every part of the security process.
• Investigate suspicious activities. The SOC team should investigate suspicious and malicious activity within the networks and systems. SIEM or analytics software will issue alerts which the team then analyzes and examines, triages, and discovers the extent of the threat.
• Alert triage. The SOC collects and correlates log data and provides tools that allow analysts to review it and detect relevant security events.
• Alert prioritization. SOC analysts leverage their knowledge of the business environment and the threat landscape to prioritize alerts and decide which events represent real security incidents.
• Remediation and recovery. Once an incident is discovered, SOC personnel are responsible for mitigating the threat, cleaning affected systems, and recovering them to their normal working condition.
• Postmortem and reporting. An important function of the SOC is to document the organization’s response to an incident, perform additional forensic analysis to ensure that the threat has been fully contained, and learn from the incident to improve the SOC’s processes.

Types of SOCs

These are the common models for deploying a SOC within the organization:

• Dedicated SOC- Classic SOC with dedicated facility, dedicated full-time staff, operated fully in house, 24×7 operations.
• Distributed SOC- Some full-time staff and some part-time, typically operates 8×5 in each region.
• Multifunctional SOC/NOC- A dedicated facility with a dedicated team which performs both the functions of a Network Operations Center (NOC) and a SOC.
• Fusion SOC- A traditional SOC combined with new functions such as threat intelligence and operational technology (OT).
• Command SOC/Global SOC- Coordinates other SOCs in a global enterprise, provides threat intelligence, situational awareness, and guidance.
• Virtual SOC- No dedicated facility, part-time team members, usually reactive and activated by a high-profile alert or security incident.
• Managed SOC/MSSP/MDR- Many organizations are turning to Managed
• Security Service Providers (MSSP) to provide SOC services on an outsourced basis. Modern offerings are called Managed Detection and Response (MDR). Managed SOCs can be outsourced completely or co-managed with in-house security staff.

Advantages of Having a SOC

The important advantages of having a SOC are given below:

• Incident response. SOCs operate around the clock to detect and respond to incidents.
• Threat intelligence and rapid analysis. SOCs use threat intelligence feeds and security tools to quickly identify threats and fully understand incidents, in order to enable appropriate response.
• Reduce the complexity of investigations. SOC teams can streamline their investigative efforts. The SOC can coordinate data and information from sources, such as network activity, security events, endpoint activity, threat intelligence, and authorization. SOC teams have visibility into the network environment, so the SOC can simplify the tasks of drilling into logs and forensic information, for example.

Challenges of a SOC

The SOC maintains an increasingly complex purview, managing all aspects of the organization’s cyber security. For many organizations, creating and maintaining an effective security operations center can be challenging. Common issues include the following:

• Alert fatigue. The most common challenge facing many organizations is the sheer volume of security alerts, many of which require the use of both advanced systems and human oversight to properly categorize, prioritize and remediate. With a large number of alerts, some threats can be miscategorized or insufficiently addressed. This underscores the need for advanced monitoring tools and automation capabilities, as well the need for a team of highly skilled professionals.
• Complexity. The global nature of business, the fluidity of the workplace, increased use of cloud technology and other issues have increased the complexity of both defending the organization and responding to threats. Today, relatively simple solutions like firewalls offer insufficient protection from digital adversaries. Security requires a sophisticated solution that combines technology, people and processes, the likes of which can be difficult to build, integrate and maintain.
• Cost. Building a security operations center requires significant time and resources. Maintaining it can be even more demanding, as the threat landscape changes constantly and requires frequent updates and upgrades as well as continuous learning and development of staff. Further, cybersecurity is a highly specialized field, with few organizations having the needed talent to understand the full needs of the organization and the current threat landscape. Many organizations engage managed security service providers as a way of ensuring strong outcomes without significant technology or workforce investments.
• Skills shortage. Building an in-house security solution is made even harder by a limited candidate pool. Cybersecurity professionals are in high demand around the world, making it difficult to recruit and retain these individuals. A turnover within the security organization can potentially affect the security of the organization.

Drivers for Setting up SOC

A SOC is an advanced stage in the maturity of an organization’s security. The following are drivers that typically push companies to take this step:

• Requirements of standards such as the Card Industry Data Security , government regulations, or client requirements.
• The need for the business to secure extremely sensitive data.
• Past security breaches and/or public scrutiny.
• Type of organization -the scale and threat profile that justifies a SOC, or even multiple SOCs.

Designing a SOC

Questions to ask before setting up a SOC?

• Availability and hours.
• Format -Will you have a standalone SOC or an integrated SOC and NOC?
• Organization – Do you plan to control everything in house, or will you use an MSSP?
• Priorities and capabilities – Are security the core concern, or is compliance a key issue? Is monitoring the main priority, or will you need capabilities such as ethical hacking or penetration testing? Will you make extensive use of the cloud?
• Environment -Are you using a single on-premises environment or a hybrid environment?

Steps to Set up the SOCs

• Develop a strategy. A SOC is an important investment; there is a lot riding on your security planning. To create a strategy that covers your security needs, consider the following:
  • What do you need to secure? A single on-premises network, or global? Cloud or hybrid? How many endpoints? Are you protecting highly confidential data or consumer information? What data is most valuable, and most likely to be targeted?
  • Will you merge your SOC with your NOC or create two separate departments? Again, the capabilities are hugely different, and merging them requires different tools and personnel skills.
  • Do you need round the clock availability from SOC staff? This affects staffing, cost, and logistics.
  • Will you build the SOC entirely in-house, or outsource some or all functions to a third-party vendor? A careful cost-benefit analysis will help define the trade-offs.
• Ensure everyone understands what the SOC does. A SOC observes and checks endpoints and the organization’s network and isolates and addresses possible security issues. Create a clear separation between the SOC and the IT help desk. The help desk is for employee IT concerns, whereas the SOC is for security issues related to the entire organization.
• Provide infrastructure. Without the appropriate tools, a SOC team will not be able to deal with a security threat. Evaluate and invest in tools and technologies that will support the effectiveness of the SOC and are appropriate for the level of expertise of in-house security team. See the next section for a list of tools commonly used in the modern SOC.
• Find the right people. Build a security team using the roles listed above. security analysts, security engineers, and a SOC manager. These specialists should receive ongoing training in areas such as reverse engineering, intrusion detection, and malware anatomy. The SOC manager needs to have strong security expertise, management skills, and battle-tested crisis management experience. Hiring talented staff and continually improving their skills is central to success. The market for security talent is competitive. After hiring, continually invest in training to improve their skills; this not only enhances security, but it also improves engagement and retention. The team must understand application and network security, firewalls, information assurance, Linux, UNIX, SIEM, and security engineering and architecture. The highest-level security analysts should possess these skills:
  • Ethical hacking. You want one of your people actively trying to hack your system to uncover vulnerabilities within your system.
  • Cyber forensics. Analysts must investigate issues and apply analysis techniques to both understand and preserve evidence from the investigations. If a case were to go to court, the security analyst must be able to provide a documented chain of evidence to show what occurred and why.
  • Reverse engineering. This is the process of deconstructing software or rebuilding it to understand how it works and, more importantly, where it is vulnerable to attacks so that the team can take preventive measures.
  • Intrusion prevention system expertise. Monitoring network traffic for threats would be impossible without tools. Your SOCs need to know the ins and outs of how to use them properly.
• Have an incident response plan ready. An incident response team should create a specific and detailed action plan. The team can also create a repeatable plan that can be used over time and adapt to different threat scenarios. Business, PR, and legal teams may also be involved if needed. The team should adhere to predefined response protocols so they can build on their experience.
• Invest in the right tools and services. As you think about building your SOC, focus first on the tools. The sheer number of security events will be overwhelming without the right automated tools to deal with the “noise” and subsequently elevate significant threats. Specifically, you need to invest in.
  • SEIM. This single security management system offers full visibility into activity within your network, collecting, parsing, and categorizing machine data from a wide range of sources on the network and analyzing that data so you can act on it in real time. SIEM makes the SOC more effective at securing your organization. Top security analysts – even those with the most advanced setups – cannot review the endless stream of data line by line to discover malicious activities, and that’s where SIEM can be a game changer. As we’ve mentioned, a SIEM collects and organizes all the data coming from various sources within your network and offers your SOC team insights so that they can quickly detect and respond to internal and external attacks, simplify threat management, minimize risk, and gain organization-wide visibility and security intelligence. SIEM is critical for SOC tasks, such as monitoring, incident response, log management, compliance reporting and policy enforcement. Its log management capabilities alone make it a necessary tool for any SOC. SIEM can parse through huge batches of security data coming from thousands of sources – in mere seconds – to find unusual behavior and malicious activity and stop it automatically. Much of that activity goes undetected without the SIEM. The SIEM helps the SOC pull the logs together and make rules that enable automation and can drastically reduce false alerts. Security analysts are freed up to focus their attention on the real threats. Additionally, the SIEM can offer robust reporting that helps with both forensic investigations and compliance requirements.
  • Endpoint protection systems. Every device that connects to your network is vulnerable to attack. An endpoint security tool protects your network when said devices access it.
  • Firewall. It will monitor incoming and outgoing network traffic and automatically block traffic based on security rules you establish.
  • Automated application security. Automates the testing process across all software and provides the security team with real-time feedback about vulnerabilities.
  • Asset discovery system. Tracks the active and inactive tools, devices and software being used on your network so you can evaluate risk and address weaknesses.
  • Data monitoring tool. Allows you to track and evaluate data to ensure its security and integrity.
  • Governance, risk and compliance (GRC) system. Helps you to ensure you’re compliant with various rules and regulations where and when you need to be.
  • Vulnerability scanners and penetration testing. Lets your security analysts search for vulnerabilities and find undiscovered weaknesses within your network.
  • Log management system. Allows you to log all those messages that come from every piece of software, hardware and endpoint device running on your network.
• Defend. A key responsibility of the SOC is to protect the perimeter with a dedicated team focused on detecting threats. The SOC’s goal is to collect as much data and context as possible, prioritize incidents, and ensure the important ones are dealt with quickly and comprehensively.
• Consider all options. The most common types of SOCs include:
  • Internal SOCs, usually with a full-time staff based on-premises. The internal SOC comprises a physical room where all the action takes place.
  • Virtual SOC (VSOC) is not on-premises and are made up of part-time or contracted workers who work together in a coordinated manner to resolve issues as needed. The SOC and the organization set parameters and guidelines for how the relationship will work, and how much support the SOC offers can vary depending on the needs of the organization.
  • VSOC does not reside in a dedicated facility, nor does it have dedicated infrastructure. It’s a web-based portal built on decentralized security technologies, which allows off- site teams to monitor events and respond to threats. It saves the significant costs of on- premises hardware and other infrastructure, and one can rely on virtual teams to become active when there’s an incident. A VSOC is mostly a reactive approach. Decentralized technologies and processes are much more likely to leave security gaps, which makes threat detection and response less efficient. And because the VSOC typically operates with part-time, geographically distributed personnel, one will not be able to count on having a 24×7 team dedicated to security. The VSOC can be improved through automation, SIEM technology, and analytics. Some organizations also choose to outsource their VSOC. While this increases security capabilities and access to expert resources, it also decreases internal visibility across the environment and may lead to longer response times when an event escalates.
  • Outsourced SOCs, in which some or all functions are managed by an external managed security service provider (MSSP) that specializes in security analysis and response. Sometimes these companies provide specific services to support an internal SOC, and sometimes they handle everything.

Conclusion

A SOC can be deployed as part of a comprehensive strategy to protect organizations large and small against advanced threats. But there’s no one-size-fits-all solution that provides the perfect balance between cost and effectiveness. For businesses, limited security budgets and lack of internal expertise create barriers to implementing a program that is effective and provides sufficient protection. To solve this problem, organizations should consider selecting a managed security operations provider’s SOC. Managed security is an outsourced model that extends the capabilities of in-house IT or security team. It includes a managed detection and response (MDR) solution, which removes the burden of determining the best methodology or technology for threat detection and response. A managed security operations model augments current network security tools with continuous threat monitoring, detection, and response. It also can include other security operations solutions that help assess and eliminate vulnerabilities and reduce cyber risk.

The SOC is undergoing an exciting transformation. It is integrating with ops and development departments, and is empowered by powerful modern technologies, while retaining its traditional command structure and roles to identify and respond to critical security incidents. SIEM is a foundational technology of the SOC, and how next-generation SIEMs, which include new capabilities like behavioral analytics, machine learning, and SOC automation, open new possibilities for security analysts.

The impact of a next-gen SIEM on the SOC can be significant. It can:

• Reduce alert fatigue via user and entity behavior analytics (UEBA) that goes beyond correlation rules, helps reduce false positives, and discover hidden threats.
• Improve Mean Time to Detect or Discover (MTTD) by helping analysts discover incidents faster and gather all relevant data.
• Improve Mean Time to Recover (MTTR) by integrating with security systems and leveraging Security Orchestration, Automation and Response (SOAR) technology.
• Enable threat hunting by giving analysts fast and easy access and powerful exploration of unlimited volumes of security data.

For employers, the best practices for running a SOC include developing a strategy, getting organization-wide visibility, investing in the right tools, hiring, and training the right staff, maximizing efficiency and designing SOC according to specific needs and risks.

For the security professionals, SOC offers innumerable job opportunities. They can align to the ever-increasing SOC demand.

References

1. 7×24 Exchange (www.7x24exchange.org) – leading knowledge exchange for those who design, build, use and maintain mission-critical enterprise information infrastructures.
2. AFCOM – Association for Computers Operations Management (www.afcom.com) – provides education and resources for data center managers.
3. ASIS International (www.asisonline.org) – source for security guidelines, educational materials, and workshops.
4. ASHRAE – American Society of Heating, Refrigerating and Air-Conditioning Engineers (www.ashrae.org).
5. Thermal Guidelines for Data Processing Environments – defines Class 1 and Class 2 Environments applicable to monitoring centers.
6. EIA – Electronic Industries Association (www.eia.org).
7. EIA-310-D Cabinets, Racks, Panels, and Associated Equipment.
8. OSHA – Occupational Safety and Health Administration (www.osha.gov). osha.gov/SLTC/etools/computerworkstations/positions.html
9. NFPA – National Fire Protection Association (www.nfpa.org).
10. TIA – Telecommunications Industry Association (org).
11. ANSI/TIA/EIA-942 Data Center Standard (downloadable).
12. Uptime Institute (www.uptimeinstitute.org).
13. White Paper. Tier Classifications Define Site Infrastructure Performance, downloadable from. org/cgi-bin/admin2/admin.pl?admin=view_whitepapers
14. UL – Underwriters Laboratories (www.nfpa.org) – standards for power and cable system design.
15. Over thirty-three billion records will be stolen by cybercriminals in 2023 alone.//atos.net/en/solutions/cyber-security/managed-security-services/SOC-security-operation-center
16. Security Operations Center Design | Examining the key design elements in a successful SOC implementation. //www.securityinfowatch.com/home/article/10537078/security-operations-center-design
17. //www.splunk.com/en_us/data-insider/what-is-a-security-operations-center.html
18. //www.crowdstrike.com/cybersecurity-101/security-operations-center-SOC/
19. //www.atruent.com/what-is-a-security-operations-center/
20. //www.exabeam.com/security-operations-center/security-operations-center-a-quick-start-guide/
21. //www.arounddeal.com/company-list/security-operation-center/1/
22. //www.arounddeal.com/company-list/SOC/
23. //blog.rsisecurity.com/types-of-security-operations-centers/
24. //www.guidepointsecurity.com/education-center/the-role-of-a-security-operations-center-SOC/
25. //www.bluesec.pl/wp-content/uploads/2017/03/SecurityOperationsCenter_eBook.pdf
26. //www.exabeam.com/security-operations-center/security-operations-center-roles-and-responsibilities/
27. //www.netdatavault.com/security-operations-center-SOC/
28. //www.msspalert.com/top250/list-2020/24/
29. //www.exabeam.com/security-operations-center/security-operations-center-a-quick-start-guide/
30. //www.msspalert.com/cybersecurity-services-and-products/SOC/as-a-service-for-msps/
31. //owasp.org/www-pdf
32. archive//OWASP_Security_Operations_Centre_(SOC)_Framework_Project_Presentation.pdf
33. //www.lewan.com/blog/5-reasons-you-need-a-security-operations-center-SOC
34. //www.vistacominc.com/system/files/pdf/International%20Security%20Operations%20Center.pdf
35. //www.securityinfowatch.com/home/article/10537078/security-operations-center-design
36. //brosnanrisk.com/global-security-operations-center/
37. //blog.rsisecurity.com/security-operations-center-audit-checklist/
38. //www.youtube.com/playlist?list=PLZg_TDpqoVKWG56w2YpUBvj13hOjVtgpL