18.09.2018 | Daniel Felix Maurer
Sourcing a SOC / CDC requires Consideration
The detection and handling of security incidents, covered by the "Detect" and "Respond" functions of the NIST Cybersecurity Framework and typically supported by a Security Information and Event Management (SIEM) system, is unfortunately becoming ever more important. The Security Operations Center (SOC) or Cyber Defense Center (CDC) plays the central role in implementing these detection and response processes. The demands on the expertise and availability of the SOC/CDC are high, and attacks do not keep office hours. These are important reasons why SOC services are often outsourced to third parties, and the market offering is growing rapidly as a result.
The SOC service provider should be selected on the basis of an appropriate requirements specification, one that also takes the customer's own constraints into account. A 24/7 detection service, for example, is of little use if the departments responsible for risk assessment and response are only available during office hours: an alert raised at 3 a.m. on a Saturday will simply wait until Monday. Another fundamental question is whether the SOC service should be entrusted to the operator of the systems being monitored, to a managed security service provider, or deliberately to an independent third party. There are good arguments for all three strategies, and the decision must be based on the specific objectives of the SOC sourcing.