White Papers May 01, 2015

SANS: Building a World-Class Security Operations Center: A Roadmap

For organizations without a formalized incident-handling capability, the creation from scratch of a security operations center that enables centralized visibility, alerting and investigation can be a daunting task. But fortunately organizations don’t need a room full of security experts and an investment of millions of dollars in security systems to make progress here. In this paper we look at how to develop an effective security operations center (SOC) and provide a roadmap for continuously evolving this capability to keep pace with the tactics of the adversaries.


If you are reading this paper, your most pressing concern undoubtedly is protecting your organization’s intellectual property and sensitive customer data.

Highly visible breaches and attacks have brought an intense focus on organizations’ incident detection, investigation and mitigation capabilities. After all, if you can’t prevent a security incident, you had better be able to detect and respond to it quickly. But just increasing security spending does not guarantee more protection. Achieving the goal of better security depends on how that budget is allocated; what people, procedures and infrastructure are put into place; and how the security program is managed and optimized over the long term.

