The security operations center (SOC) serves as your centralized view into your organization's overall enterprise infrastructure and its individual information systems. The SOC's goal is to keep this view as close to real time as possible so that your organization can identify and respond to internal and external threats as quickly as possible, helping to ensure the continued confidentiality, integrity, and availability of your organization's information systems.
Think of the SOC as the technological equivalent of the physical security controls implemented by your organization.
In this chapter, we will be discussing:
- The responsibilities of the security operations center
- Security operations center tool management
- Security operations center tool design
- Security operations center roles
- Security operations center processes and procedures
- Internal versus outsourced security operations center
From the physical security world, you have...