Initial SOC setup - Cyber Management



This topic contains 1 reply, has 2 voices, and was last updated by  Chin_Diesel 3 years, 7 months ago.




    I am assisting my current security management in setting up a basic SOC that will be performing system monitoring, threat detection and incident management. Does anyone have experience with how to kickstart the planning and so on? Is there any reference doc that would be good to consult on this matter?




    I’d start by asking some of the following:
    Do you have any SOPs in place that define what your team is to do, what they can/can’t do, and what you will do to those found in violation of your policies/rules?
    Do you have management buy-in? Has your leadership empowered your team to do all that is necessary to fulfill your role as security?
    Do you have any plans on what is feasible for your team to do in stages, like availability monitoring (hosts, services, ports, file shares, storage, etc.), APM, log monitoring, and things like that? Management tends to want everything to be available immediately, so you'll need to manage expectations and give them a realistic timeline about what you can offer, and what will be available in the near future.

    I would kick around some of that, but the most important thing is to get buy-in from management. Everyone loves to say they want security, but when they see that it does cost time, effort and money, and causes project schedules to be pushed to the right, they tend to override security and make exceptions. Other PMs see these exceptions and also ask for them, and then your team is wondering why you are even trying, because they don't take many aspects of security seriously.
