What to Consider When Building a Global Security Operations Center (GSOC) – Part 1
Mar 28, 2016
This is part one of a two-part series on what to consider when building a global security operations center.
The foundation for a best-in-class global security operations center starts in the planning phase. Northland has designed and built GSOCs for Google and Apple, and we’ve built our own to support our clients who want all of the benefits of a GSOC without having to manage or invest in building one. So we know a thing or two about what makes a great GSOC, what the common pitfalls are, and which elements or features maximize the return on investment. Creating a plan for incremental phases of implementation is critical. Allowing six months for planning, developing SOC requirements, and getting buy-in is recommended.
To begin, define the purpose and role of your GSOC. What will be the primary focus of the GSOC? Will it be identifying and responding to risks (physical and/or cyber)? Will your GSOC monitor life safety systems as well as access control systems? Will your GSOC also monitor critical equipment, respond to facility issues, and provide intelligence services? Is social media monitoring an important function of your GSOC? Will your GSOC be responsible for predicting security attacks and minimizing their impact? Will your GSOC be a point of contact for employees after hours? Once you know all of the things you want your GSOC to handle, prioritize them.
When you have the role and function of your GSOC defined, it’s a good time to think about the location. Doing an initial vulnerability assessment is recommended. What are the things that could disable the GSOC at this location? While every risk can’t be eliminated, knowing what the risks are and proactively developing back-up plans and systems to prevent loss of network, electrical, lighting, and HVAC functionality is crucial. Does the location allow for future growth? Is the location appropriate for the anticipated lifespan of the SOC?
After working through the location issues, you can begin to identify the types of resources and technologies you will need. Badging and monitoring access control systems are often central components of GSOC operations. Investigating, verifying, and responding to alarms effectively and efficiently will require a thorough analysis of the technologies available and best practices in the industry to determine what tools and resources you will need. Responding quickly, with clear pre-determined action plans and instructions, is vital to success and will likely require a robust and fully integrated physical security program.
In thinking about technologies, standards will be important. Technology is ever-evolving, and it’s important to think about what’s available now and what emerging technologies you might anticipate incorporating in the future. Having IT standards will ensure compatibility in the future with computing and communications infrastructure.
Also, if you have multiple locations around the world, you may find that you’re operating on different access control systems and will need to migrate to one universal standard system. You may also find that processes and procedures differ regionally. Sorting through these and determining a common standard will allow you to have fully scalable and robust security operations.
Look at historical data across your company locations. How many alarms are you receiving monthly? How many people would it take to investigate and verify them? Do you have video cameras in place and the systems you need to easily do this and provide the appropriate response? What is your desired response time? How many operators would you need in order to respond to this volume of alarms within the desired time frame? This will give you a sense of how large the GSOC should be.
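One way to turn the questions above into a number, as an added example that is not from Northland or the original post: it assumes alarms arrive at random (a Poisson process, handled one at a time by any free operator) and sizes the number of concurrent operator seats with the Erlang C queueing formula. The monthly alarm volume, handling time and response target below are constructed values.

```python
import math


def erlang_c(servers: int, offered_load: float) -> float:
    """Probability that an arriving alarm has to wait for an operator (Erlang C).

    offered_load is in Erlangs: arrival rate * mean handling time.
    """
    if servers <= offered_load:
        return 1.0  # more work arriving than can be handled: the queue never drains
    a = offered_load
    busy_terms = sum(a ** k / math.factorial(k) for k in range(servers))
    wait_term = (a ** servers / math.factorial(servers)) * servers / (servers - a)
    return wait_term / (busy_terms + wait_term)


def prob_answered_within(servers: int, arrival_rate: float,
                         handle_minutes: float, target_minutes: float) -> float:
    """Fraction of alarms picked up within target_minutes (exponential handling assumed)."""
    a = arrival_rate * handle_minutes
    p_wait = erlang_c(servers, a)
    if p_wait >= 1.0:
        return 0.0
    return 1.0 - p_wait * math.exp(-(servers - a) * target_minutes / handle_minutes)


def operators_needed(alarms_per_month: int, hours_per_month: float,
                     handle_minutes: float, target_minutes: float,
                     service_level: float = 0.90, occupancy_cap: float = 0.85):
    """Smallest number of concurrent seats meeting the response target.

    Returns (seats, achieved service level, operator occupancy). Seats are
    positions staffed at once, not headcount: shift coverage comes on top.
    """
    arrival_rate = alarms_per_month / (hours_per_month * 60.0)  # alarms per minute
    a = arrival_rate * handle_minutes
    seats = max(1, math.ceil(a))
    while True:
        level = prob_answered_within(seats, arrival_rate, handle_minutes, target_minutes)
        occupancy = a / seats
        if level >= service_level and occupancy <= occupancy_cap:
            return seats, level, occupancy
        seats += 1


if __name__ == "__main__":
    # Constructed figures: 9,000 alarms a month, 24x7 (730 h), 8 min to verify and
    # dispatch each, 90% of alarms picked up within 2 minutes.
    seats, level, occ = operators_needed(9000, 730, 8, 2)
    print(f"{seats} concurrent seats, {level:.1%} within target, {occ:.0%} busy")
```

A lower hourly volume at night and a higher one in business hours should each be run separately, since staffing to the monthly average understaffs the peak.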
Now that you have a defined role and a sense of the capacity you will need, creating a plan for incremental phases of implementation is critical to success. GSOCs require collaboration and communication among multiple functions inside an organization and disparate security products and technologies.