The roles and responsibilities of the Security Operations Centre (SOC)
Monitoring
This can be considered one of the core responsibilities of the SOC, although it is now often subsumed into security information and event management. Here, the SOC is responsible for monitoring every security aspect of the IT system. There can be a large degree of overlap with other parts of the organisation: the SOC will obviously interface with physical security, which is commonly looked after by a different part of the organisation, and there may be overlap with the wider IT operations team, especially on issues of availability, which can be the responsibility of both the SOC and the operations team.
Security incident response
In many ways, this is the main reactive job of the SOC. In incident response, we detect and respond to security incidents in a timely fashion. For those of you who continue on to the MSc Cyber Security degree, we will discuss this in more detail later in the programme.
Security Information and Event Management (SIEM)
SIEM takes ideas from IT service management (ITSM) and applies them to the management of security-related data. This data can take the form of event information obtained from monitoring, but it also includes other security information such as the existing controls, configuration item details, threat intelligence, security knowledge bases and similar sources.
Threat intelligence
An increasingly common part of the SOC's role is responding to potential threats before they become incidents. To do this, the SOC needs to gather threat intelligence that can guide its actions. This can take many forms and draw on a range of sources, such as social media, Computer Emergency Response Team (CERT) warnings, vendor briefings and observations from our own systems. This responsibility is often only undertaken by larger SOCs and may be outsourced. For example, in the UK the national CERT function is provided by the National Cyber Security Centre (NCSC).
Information risk management
Information assurance (IA)
Once we have defined the risk and established the controls that are needed, we need to make sure that the controls are actually implemented and keep working. This is information assurance (IA), and if a SOC is responsible for information risk management, it will normally be responsible for IA as well. The UK Cabinet Office defines IA as 'the confidence that information systems will protect the information they carry and will function as they need to, when they need to, under the control of legitimate users' (UK Cabinet Office 2011). As such, IA can be thought of as a superset of information security, since it covers any risk to availability, not just security risks.
Information security compliance
Information security compliance is concerned with the degree to which the organisation complies with external regulation and internal policies. The external regulation is often legal (e.g. GDPR, the Computer Misuse Act), but may also be a sector standard such as the Payment Card Industry Data Security Standard (PCI DSS), which organisations must adhere to in order to store, process or transmit payment card data.
Security governance
Until recently, governance was seen purely as a board-level activity. While governance is still primarily a board responsibility, the latest best-practice approaches encourage it to be embedded at all levels and allow specialist parts of the organisation to handle the appropriate parts of the governance process. For IT governance, it is therefore logical for the SOC to advise on, or take the lead in, aspects of IT security governance. The SOC will often perform other security-related roles in addition to the ones listed above; however, those will be largely determined by the organisational context in which the SOC operates.
Your task
Which of the tasks and responsibilities described above do you think would be most important for Ethos? There is no real right or wrong answer to this, so remember to justify your opinion.
References
BSI (2018) ISO/IEC 27005:2018 Information Technology. Security Techniques. Information Security Risk Management. [online] available from https://bsol.bsigroup.com/Bibliographic/BibliographicInfoData/000000000030372032 [30 July 2019]
UK Cabinet Office (2011) HMG Security Policy Framework. London: The Stationery Office