Image

Implementation of a SOC

Cybersecurity Operations Centres are nowadays a fundamental cybersecurity tool for organizations. They provide a set of means to detect and react quickly to a cyber incident and provide organizations with sufficient capabilities to detect new threats.

For this reason, in parallel to the development and implementation of the National SOC Network, the National Cryptologic Centre collaborates with different public bodies in the deployment of the necessary capacities for the constitution of these Centres. Within the framework of this collaboration, the CCN-CERT carries out a preliminary study of the organization interested in implementing a SOC to find out about the ICT infrastructure of the organization and its previous needs.

Areas to evaluate before implementing a SOC


The systems to be protected and the security status.


Sources to monitor.


The initial metrics of the attack surface area, the internal state of security and the measurement of the Centre's performance.

Likewise, for the deployment and implementation of SOCs in the public sector, the National Cryptologic Centre makes its common and shared tools available to organizations to facilitate the subsequent integration of each SOC into the National SOC Network.

Areas of collaboration

Herramientas

Use of common and shared tools to improve security.

Valoración del cumplimiento del organismo con el ENS

Assessment of the agency's compliance with the ENS.

Incident management support, particularly for critical incidents

Incident management support, particularly for critical incidents.

Collaboration procedure in the deployment of a SOC
 Collaboration procedure in the deployment of a SOC

Organisations interested in receiving advice on the deployment of a SOC can contact the CCN at: rns mail3

Enlarge graph
Federated model proposed by the CCN
Federated model proposed by the CCN


See the following graph for the federated model proposed by the CCN.

Enlarge graph

Logotipo Ministerio Defensa

cni 20a ccn2