Technology is one aspect of an effective IT security or incident response program, not a magic elixir that will cure all that ails them. Organizations must also have business goals, a strategy on how to use the technology, the right people in place, and defined processes and procedures to enable their operations to be successful. ThetaPoint’s SOC Workshop focuses on the supporting infrastructure of Security Operations (SecOps). The goal of the workshop is to provide clients with an understanding of all the variables in their environment that need to be in place to support SecOps and establish a Roadmap for Success.
IT Security Operations Centers (SOC) are only as good as their ability to monitor, detect, respond, and predict – all of which should align to the desired outcomes and metrics set by the company leaders. SOCs are an intricate mix of people, processes and technology executing on a select set of mission parameters to protect the company to which they are chartered.
SWOT Assessments help you get an understanding of:
1. The current maturity level of your SOC and what to do to up your game.
2. Skills needed in the security analyst roles to perform their important functions.
3. Required workflows to execute your chartered mission (e.g. incident response, change management, day-to-day operations, etc).
4. Necessary processes & procedures required to run an efficient and effective SOC.
5. The right tools & technology to leverage in order to perform the SOC’s mission.
As detailed in our SRA – People Blog Post, many organizations struggle identifying, hiring, and retaining qualified security personnel. Because of this challenge, we often see organizations reducing their standards, leading to individuals who are ill-suited for their responsibilities or trapped with no opportunity for career progression. Because so many organizations are seeking the same types of skillsets, adding too many requirements to the position can limit your search. In addition, promoting from within and from the wrong skillsets can pigeonhole you and your staff for years to come. In some scenarios, your talent pool can become insufficient and unbalanced: heavy in some skill areas, light in others, and lacking critical skills for organizational success.
As part of our SOC Workshop we focus on a couple of key organizational aspects to build a successful SOC framework for your most valuable resource, your People. As part of this framework, we establish a proper Organization Chart, Mission and Charter, Roles and Responsibilities, and the requisite knowledge, skills, and abilities your team will need to support each staff position. We will also establish a clear path for talent development and career progression within each role and how that will play into your strategy for managing churn.
As detailed in our SRA – Process Blog Post, repeatable processes create consistent outcomes – for better or worse. Defects in those processes can cause flawed investigations, system outages, and missed incidents. Your SOC produces its most valuable data from human judgement. However, this value comes from uniformity and reliability. The effects of poor processes ripple outward to distort incident reviews, assessments, and forecasts. Processes that do not capture the right data at the right time risk validity under future scrutiny. Looking back on your process data is always difficult, but it’s even harder when you don’t have the right data to look at.
As part of our SOC Workshop we focus on establishing a process life-cycle that fits within your organization’s internal controls to create repeatable and positive outcomes. If your organization does not have an accommodating internal controls process, then you can manage your SOC processes as though they were any software development or IT implementation project that needs regular refreshes. If you regularly reassess the value of your work through the lens of the goals above, you can prevent those “What were we thinking?” and “Why are we doing this?” moments.
Upon completion of the SOC Workshop, clients will have an established understanding of their strengths and weaknesses as it relates to their People. The next step is to implement the Workshop’s Roadmap to ensure that all roles and responsibilities have been adequately staffed by knowledgeable people.
It is not always feasible for organizations to be able to staff all resources with internal employees. ThetaPoint’s Staff Augmentation Service provides clients with world class engineers, analysts, and support staff. ThetaPoint can provide individual resources to fill gaps or assist clients through our Managed Services for SOC Engineers and SOC Analysts.
Upon completion of the SOC Workshop, clients will have an established understanding of their strengths and weaknesses as it relates to Policy and Procedures. The next step is to implement the Workshop’s Roadmap to ensure uniformity, reliability, and consistency across all workflows and processes.
ThetaPoint’s Policy and Procedure Development service assists clients in development activities by using proven policy and procedures as a baseline, then customizing to meet the organization’s business needs.