Computing Reviews
Designing and building a security operations center
Nathans D., Syngress Publishing, Waltham, MA, 2015. 276 pp. Type: Book (978-0-128008-99-7)
Date Reviewed: Jan 11 2016

Many companies that operate their own cyber security organization have a security operations center (SOC). Many others still cope with incident management but do not have an SOC. After reading this interesting book, however, the reader is stimulated to consider additional points with regard to SOCs. Indeed, the comprehensive approach to security incident management described in the book explains how an SOC does not necessarily look like a “NASA site with fancy monitors and semi-circle arranged desks”; instead, it might be composed of “individuals sitting in normal cubicles as one would see in any office situation.” The main message conveyed by the author, David Nathans, a highly experienced consultant who has built several enterprise security programs and security operations centers, is that a security operations center is the result of infrastructure, organization, people, and processes.

After introducing the topic and presenting some use cases in chapters 1 and 2, chapter 3 defines the organizational, operations, and support infrastructures, including the network, host, application, and data defenses; the management of the logs generated by security controls; and how to efficiently manage event flows with ticketing systems. Chapter 4 is dedicated to the organizational structure, identifying reporting lines and responsibilities. Chapter 5 drills down on staffing the SOC: the chapter expands on the required culture, personality, and core skill sets, and drafts job descriptions for the most important positions, for example, security analysts, security architects, and security operations engineers. Chapter 6 further details the day-to-day operations of an SOC, describing how the team can efficiently run and process daily operations calls, from the required communication plans through shift schedules, to checklists and workshops useful for keeping the team aligned and focused.

Training is a fundamental aspect for a team that deals with rapidly changing threats and vulnerabilities, and is discussed in chapter 7. Chapter 8 is about metrics that organize the gathered information into useful analysis, including vulnerability and asset prioritization as an instrument for setting up appropriate mitigation measures. Chapter 9 is about security intelligence, which is critical to improving the efficiency and effectiveness of the SOC. Finally, chapter 10 contains important hints for those companies that decide to outsource the SOC.

This book is a highly recommended reference for security managers and security practitioners who want to develop the capability to efficiently protect a company and its customers, or simply improve security incident management.


Reviewer: Diego Merani. Review #: CR144088 (1604-0228)
Categories: Security and Protection (C.2.0 ...); Security and Protection (D.4.6); Security and Protection (K.6.5)