Security operations center

A security operations center (SOC) is responsible for protecting an organization against cyber threats. SOC analysts perform round-the-clock monitoring of the organization's network and investigate any potential security incidents. If a cyberattack is detected, the SOC analysts are responsible for taking the steps necessary to contain and remediate it. A SOC comprises the three building blocks for managing and enhancing an organization's security posture: people, processes, and technology; governance and compliance provide the framework that ties these building blocks together.[1] The term is also used in physical security: a SOC within a building or facility is a central location from which staff supervise the site using data-processing technology.[2] Such a SOC is typically equipped for access monitoring and for control of lighting, alarms, and vehicle barriers.[3]

A SOC can be either internal or external. In the latter case the organization outsources security services such as monitoring, detection, and analysis to a managed security service provider (MSSP). This is typical of smaller organizations that lack the resources to hire, train, and equip their own cybersecurity analysts.
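The monitoring, detection, and analysis work described above (round-the-clock network monitoring in the first paragraph, and the services an MSSP takes over in the second) can be illustrated with a small detection rule of the kind a SOC runs over authentication logs. The following Python is an added example, not code from this article or from any SOC product or MSSP. The log lines are constructed syslog-style sshd messages, the addresses come from documentation ranges, and the threshold of five failed logins within 60 seconds is an arbitrary assumption; a real SOC would tune it per environment and feed the alerts into its ticketing and escalation process.

```python
"""Minimal SOC detection rule: SSH password brute force, with escalation.

Added illustration only. Assumptions: syslog-style sshd lines without a year
(a year is supplied for parsing), and a threshold of 5 failures in 60 seconds.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
Mar 10 12:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 12:00:05 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 12:00:09 bastion sshd[2215]: Failed password for root from 203.0.113.7 port 51138 ssh2
Mar 10 12:00:12 bastion sshd[2217]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar 10 12:00:14 bastion sshd[2219]: Failed password for invalid user test from 203.0.113.7 port 51144 ssh2
Mar 10 12:00:20 bastion sshd[2221]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar 10 12:00:21 bastion sshd[2223]: Accepted password for root from 203.0.113.7 port 51152 ssh2
Mar 10 12:05:00 bastion sshd[2300]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar 10 12:10:00 bastion sshd[2301]: Failed password for bob from 198.51.100.9 port 40101 ssh2
"""

# Matches the OpenSSH "Failed password" / "Accepted ..." message shapes.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2024):
    """Return a dict for an sshd auth event, or None for lines the rule ignores.

    Syslog timestamps carry no year, so one is assumed (hypothetical default).
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window rule: alert once per source that reaches `threshold`
    failed logins inside `window_seconds`, and raise a higher-severity alert
    if that same source later gets an accepted login (possible compromise)."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = {}                    # src -> brute-force alert already raised
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        src = ev["src"]
        if ev["outcome"] == "Failed":
            q = failures[src]
            q.append(ev["ts"])
            # Drop failures that fell out of the window relative to this event.
            while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                alert = {
                    "rule": "ssh_bruteforce",
                    "severity": "medium",
                    "src": src,
                    "count": len(q),
                    "first": q[0].isoformat(),
                    "last": q[-1].isoformat(),
                }
                flagged[src] = alert
                alerts.append(alert)
        elif src in flagged:
            # Success from a source that was already brute-forcing: escalate.
            alerts.append({
                "rule": "ssh_success_after_bruteforce",
                "severity": "high",
                "src": src,
                "user": ev["user"],
                "at": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(a)
```

On the constructed sample, 203.0.113.7 produces five failures within 19 seconds and then a successful root login, so the rule emits a medium-severity brute-force alert followed by a high-severity escalation; 198.51.100.9 fails twice five minutes apart and never crosses the window threshold. The once-per-burst flag keeps a noisy source from generating one ticket per attempt, which is the kind of alert-fatigue control a SOC applies before handing detections to analysts.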

  1. ^ Vielberth, Manfred; Böhm, Fabian; Fichtinger, Ines; Pernul, Günther (2020). "Security Operations Center: A Systematic Study and Open Challenges". IEEE Access. 8: 227756–227779. doi:10.1109/ACCESS.2020.3045514. ISSN 2169-3536.
  2. ^ de Leon, Sixto O. (1976). Security: Defense Against Crime. Manila: National Book Store. p. 17.
  3. ^ Nadel, Barbara A. (2004). Building Security: Handbook for Architectural Planning and Design. McGraw-Hill. p. 2.20. ISBN 978-0-07-141171-4.