All Blog Posts

What to Consider When Building a Global Security Operations Center (GSOC) – Part 2

This is part two of a two-part series on what to consider when building a global security operations center. We left off at looking at historical data and creating a plan for collaborating with multiple functions across your organization.

Developing system standards and a technology roadmap are essential next steps. As your company grows and the function of the GSOC expands, you will want a clear and organized means to do so. Defining immediate goals and incremental improvements based on regularly performed security audits and gap analyses will guide the future development and expansion of the SOC. It will also identify critical milestones and priorities. Clearly communicated standards and a prioritized technology roadmap allows you to budget effectively and gives everyone in your organization a clear picture of what is needed, what to expect, and when.

The security industry is filled with emerging technologies from software to devices. It’s important to think beyond just the functionality. Whenever thinking about and investigating technologies, we advise clients to consider how long the technology has been around, how long the company has been in existence, how the company is funded, and what is the tech support model. There are times when it makes sense to invest in enterprise solutions and other times when there might be a more cost-effective approach that delivers the same result.

Think now about how you will monitor and maintain all of the system devices and programs. Will you employ a tracking system that identifies problems? Will you be monitoring more than access control systems and video cameras? What resources will you need to respond to device or software issues anywhere in the world? How will you ensure consistent service and monitoring of these devices globally? Establish standards and map out maintenance processes and standards and make sure there is a thorough commissioning process.

Now that you’ve done all of that, plan for redundancy. Identify what backup systems you will need to make sure there is no downtime in the event of a disaster or threat. Do you have a second SOC somewhere or outsource to another company? Is your data backed up and visible enterprise-wide? Do you have an appropriate generator in place in case of power loss? Do you have network and communication redundancy?

Once you have an SOC, the work does not stop there. Incorporating security into the company’s culture will be a critical part of success. Consistently and perpetually refining policies and procedures in response to what is and is not working well for the organization will be ongoing responsibilities.

Some additional resources that may be helpful:
http://www.mcafee.com/us/resources/white-papers/foundstone/wp-creating-maintaining-soc.pdf
https://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf
http://www.cso.com.au/article/414984/six_pillars_security_operations/
http://www.7x24exchange.org/
Part 1 of What to Consider When Building a Global Security Operations Center