A Framework for Designing a Security Operations Centre (SOC)

Abstract: Owning a SOC is an important status symbol for many organizations. Although the concept of a 'SOC' can be considered a hype, only a few of them are actually effective in counteracting cybercrime and IT abuse. A literature review reveals that there is no standard framework available and no clear scope or vision on SOCs. In most of the papers, specific implementations are described, although often with a commercial purpose. Our research was focused on identifying and defining the generic building blocks for a SO… Show more

“…In contrast, [23] clearly state the threat intelligence as one of the functions of the SOC. In addition to that, the framework in [23] makes essential cyber security functions such as vulnerability scans and penetration testing functions as part of the SOC.…”

“…In contrast, [23] clearly state the threat intelligence as one of the functions of the SOC. In addition to that, the framework in [23] makes essential cyber security functions such as vulnerability scans and penetration testing functions as part of the SOC. This function is not specified in the study by [21] because generally this function can be implemented by the organization's ITC or any qualified third party.…”

“…With the increase in cyber-attacks, the establishment of SOC as organizational monitoring to contain these widespread problems is relevant and a must. [20], [21], [22], [23].…”

“…The monitoring task is intended to prevent the computer abuse and policy violations; to prevent and detect cyber-attacks, misuse, and leakage of data; and to respond to the incidents. According to [23], the SOC must work with a skilled workforce, predefined working process and the use of integrated intelligence technology to assist and manage the incident. It must include the incident management, digital forensic and reporting elements to ensure the success of the SOC.…”

“…It must include the incident management, digital forensic and reporting elements to ensure the success of the SOC. Table 2 highlights the comparison between two proposed frameworks of SOCs by [21] and [23].…”

Success Factors for Cyber Security Operation Center (SOC) Establishment

“…In contrast, [23] clearly state the threat intelligence as one of the functions of the SOC. In addition to that, the framework in [23] makes essential cyber security functions such as vulnerability scans and penetration testing functions as part of the SOC.…”

“…In contrast, [23] clearly state the threat intelligence as one of the functions of the SOC. In addition to that, the framework in [23] makes essential cyber security functions such as vulnerability scans and penetration testing functions as part of the SOC. This function is not specified in the study by [21] because generally this function can be implemented by the organization's ITC or any qualified third party.…”

“…With the increase in cyber-attacks, the establishment of SOC as organizational monitoring to contain these widespread problems is relevant and a must. [20], [21], [22], [23].…”

“…The monitoring task is intended to prevent the computer abuse and policy violations; to prevent and detect cyber-attacks, misuse, and leakage of data; and to respond to the incidents. According to [23], the SOC must work with a skilled workforce, predefined working process and the use of integrated intelligence technology to assist and manage the incident. It must include the incident management, digital forensic and reporting elements to ensure the success of the SOC.…”

“…It must include the incident management, digital forensic and reporting elements to ensure the success of the SOC. Table 2 highlights the comparison between two proposed frameworks of SOCs by [21] and [23].…”

Success Factors for Cyber Security Operation Center (SOC) Establishment

A Digital Twin-Based Cyber Range for SOC Analysts

Digital Twin for Cybersecurity: Towards Enhancing Cyber Resilience