Current Issue

Security Operations Centres (SOC)

Views: 505

Dalvinder SinghDalvinder Singh, Senior Consultant, SeMT, Government of Jammu & Kashmir

Security Operations Centres (SOC) enable operators to analyse threats, generate early warnings, prepare intervention programmes and manage crises. Security Operations Centres form the heart of any security infrastructure where data is fused, events correlated and warnings issued. Security entails multiple pillars, such as Information Privacy, Confidentiality, Integrity, Authenticity, Non-Repudiation and Availability. With the inherent complexity involving multiple partners, agencies, registrars, users; multiple access modes with unparalleled number of data records; one needs to have a holistic approach for identifying and addressing security concerns. The security approach emanates from the scope of the entire eco system and would directly influence the security landscape for assets and/or information.
Security is critical for this ecosystem, It seeks to manage risks on a continuous basis  and in a more sophisticated, systematic and professional manner. Towards achieving this, one should intends to further strengthen its Information Systems Security by setting SOC for continuous review, monitoring, and mitigation of IT risks, threats and vulnerabilities.
Designing, building, and managing SOC can dramatically improve the ability of an organisation to recognise in a timely manner and take necessary action to safeguard itself against malicious information security events. A SOC can also assist in ensuring organizations leverage the full value of the often expensive investment in security technology and meet multitude regulatory compliance requirements.
Approaching the challenge across the full scope of People, Process and Technology will ensure the SOC is up to the task of effectively and efficiently recognizing and responding to malicious events.

Key Responsibilities of Information Security Governance and Compliance Office should include:

• Design security policy framework (including policies, processes, procedures)
• Log collection, monitoring and correlation of all audit trail events
• Design security compliance framework
• Conduct vulnerability assessment, penetration testing and application security testing
• Conduct Information Security Review and Evaluation of any new system
• Component/ technology being commissioned into customer network
• Conduct security review of any changes to the existing Infrastructure
• Drive and Impart Information Security Training & Awareness Sessions.
• Define Risk Assessment Methodology and associated templates. Conduct information risk assessment on critical assets
• Document security baseline standards for all system components
• Define, measure and report security metrics
• Define and maintain IT Disaster Recovery strategy. Create DR test plans and conduct DR tests on a regular basis
• Define audit roadmap, conduct security audits, all third parties/partners of customer
and provide results in a dashboard
• Take inputs from fraud detection engine and integrate these alerts into overall incident management framework
• Coordinate primarily with Cert-In and other such nodal government agencies to handle fraud incidents
• Monitor possible external threats to the customer Eco-system, provide advisory information, recommendations and manage implementation changes to mitigate such threats.
• Regularly review new security best practices, technologies, standards and advise customer
• Undertake Forensic Investigations into Data breaches to ascertain root cause and provide recommendations on the necessary changes to People, Process and Policies accordingly. Provide Expert witness for judicial purposes
• Define and advise security controls for customer infrastructure by virtue of being identified as Critical ICT Infrastructure under the provisions of IT Act 2008

Comments

comments

Click to comment

Leave a Reply

Your email address will not be published.

Latest News

To Top