Hi and welcome to Intrusion Detection and Incident Response. In this module we will look at how an organisation can effectively monitor its network infrastructure, defend itself from external and internal threats, prevent future security breaches, and how these steps can be taken to establish a robust security operations centre, more commonly called a S.O.C. Ethos Industries, our international biotech corporation with a very shady side, had their security compromised recently during a malicious eco-activist attack against the company, leading them to lose extremely valuable and sensitive data. A highly skilled activist, DanG, exfiltrated a copy of their key database after utilising a Word macro virus in a high-level phishing attack.
Ethos's physical security and network systems were breached, forcing the company's board of directors to review its network security infrastructure. So during a recent Ethos board meeting, the directors decided to follow best practice and committed themselves to setting up and resourcing a Security Operations Centre. The S.O.C. team's aim will be to monitor and analyse activity on the Ethos servers, databases, networks, endpoints, applications and their websites, using a combination of technological solutions and a strong set of processes to look for anything that could be indicative of a security incident. The Ethos S.O.C. team will also be responsible for ensuring that all potential security incidents are correctly identified, investigated and reported on.
We will be following Ethos's set-up and the deployment of their S.O.C., showing how it has helped their company achieve better security and, hopefully, how it will prevent a repeat visit by the likes of DanG. We'll start off this process just as Ethos are doing: by considering what a S.O.C. is, what it needs to do, and who the S.O.C. should be hiring as staff.
Welcome to the course
In this course, we’ll concentrate on Security Operations Centres.
We look forward to exploring this topic with you over the next two weeks, and to providing you with the tools to help you improve your own area of practice.
This week, we’ll focus on:
- The role of the Security Operations Centre (SOC)
- SOC processes
- SOC staff
This short course forms the two-week introduction to our Intrusion Detection and Response program, which is part of the wider MSc Cyber Security online degree at Coventry University, delivered via FutureLearn.
What are you most looking forward to seeing in this course?
Meet the team
This course was created by:
Faye Mitchell, deputy head of the School of Computing, Electronics and Mathematics at Coventry University.
Sandy Taramonli, from the Faculty of Engineering and Computing.
Christo Panchev, senior lecturer in cyber security.
To guide you through the program and help you make sense of it, we have Antal Goldschmidt.
During the course, you can ask the team questions, reply to their posts and follow them via their FutureLearn profile pages. By doing this, you’ll be able to see all the comments they make.