About SOCs

The CCN understands a Cybersecurity Operations Centre (SOC) to be a set of technologies, processes and people that, through their interrelation, cooperation and coordination, provide cybersecurity services to its community.

Its mission is to act as the main measure protecting the cybersecurity of that community. The community can be of various kinds, from public and private organizations to individuals or groups. Its institutionalization is the decision of the organization that promotes it, and its recognition is obtained through participation in the various exchange forums.

The cybersecurity services that a SOC can provide are:

Prevention Service

To expand the organization's knowledge of its own vulnerabilities, both technical and human, in order to reduce its exposure surface.

Protection Service

To apply blocking measures at different points of the infrastructure in order to prevent or limit cyber attacks.

Detection Service

To observe everything that happens in the organization in order to look for existing threats.

Response Service

To act against cyber incidents in order to minimize their impact on the organization.

Cybersecurity Management Service

To set the direction of the other services so as to ensure correct governance.

Government SOCs deserve special mention. They provide these services to one or several public institutions in a country, acting as a fundamental component of the national capacity for prevention, protection, detection, coordination and response to cyber incidents. In these cases, institutionalization is promoted and sponsored by a public institution with powers in matters of national security.

Details of services

The aforementioned cybersecurity services are divided into the following subservices:

Prevention Service:

  • Vulnerability Analysis: To identify and remediate existing vulnerabilities in systems and applications and prevent them from being exploited by attackers.
  • Technical security inspections and penetration testing: To help identify vulnerabilities and weaknesses in the IT infrastructure, as well as evaluate the effectiveness of existing security measures.
  • Digital surveillance: To proactively detect threats and risks before they materialize in a security incident.

Protection Service:

  • Cybersecurity operation: To implement security measures, such as firewalls, antivirus and intrusion detection/prevention systems (IDS/IPS), that protect the IT infrastructure; to keep the software and firmware of systems and devices updated in order to correct vulnerabilities and improve security; and to implement a process for the timely application of security patches that correct known vulnerabilities.

Detection Service:

  • Cybersecurity monitoring: To monitor IT infrastructure and detect potential security incidents early.
  • Log analysis: To collect and analyze security logs and identify possible intrusions or anomalous activities.
  • Threat Hunting: Proactive hunting for threats, to detect anomalies that could indicate an ongoing or imminent attack.

Response Service:

  • Incident Response Team (IRT): Through a specialized team, to manage cybersecurity incidents, contain the damage, remediate the incident and restore the affected systems; to define and operate an incident response plan that establishes the actions to be taken in the event of a cyber incident; and to perform forensic analysis to determine the cause of the incident and the extent of the damage.

Cybersecurity Management Service:

  • Cybersecurity advice: To advise the organization on how to improve its security posture and comply with current regulations.
  • Legal and regulatory compliance: To ensure that the organization complies with laws and regulations related to information security.
  • Security training: To ensure that the organization's personnel receive security training so that they are aware of threats and know how to act in the event of an incident.
  • Dashboards: To define and implement dashboards that provide information on the state of the organization's security, such as the number of security incidents, existing vulnerabilities and the status of security measures.

Implementation

Under construction.

Certification

Under construction.