Effective Security Operations
This two-day course provides an overview of security operations structures, functions, and activities. It describes general good practices and processes for effective and resilient operations. The course discusses how to effectively manage and operate a security operations center and provide a framework to mature the operations over time. The course addresses various ways that security operations activities are institutionalized such as in a Security Operations Center (SOC).
The course is beneficial to those new to SOC operations by providing an introduction to the role a SOC plays in an organization and the types of activities it performs. It is also beneficial to those already in a SOC or familiar with SOC operations by providing opportunities to benchmark their own processes to identify potential improvements. Topics covered include the role of a SOC within a CISO organization, the type of positions and skills needed, various organizational models for implementing a SOC, day-to-day activities performed, types of tools used, and methods for governance and measuring effectiveness. Future issues to take into account as service platforms and attacks evolve will also be discussed.
One section of the course will focus on introducing various structured analysis techniques such as the Cyber Kill Chain, the Diamond Model of Intrusion Analysis, and the MITRE ATT&CK Framework. Exercises will allow attendees opportunities to see how these techniques can improve analysis activities. The course also discusses how applying the scientific method to threat and incident analysis can provide more focused and effective analysis outcomes.
- performing SOC roles and activities
- coordinating or interfacing with the SOC
- submitting or receiving data or information with the SOC
- reporting incidents to SOC
The course is also beneficial for staff
- who are building, benchmarking, or looking to improve their SOC processes
- who are C-level executives (CIOs, CSOs, CISOs, CRO, etc.) and want to better understand SOC operations and improvements
At the end of this course the attendee should be able to
- identify the components of an effective SOC
- define situational awareness and its applicability to SOC operations
- explain what structured analysis is
- describe different methods for structured analysis
- plan a strategy for SOC enhancement
- Security operations definitions
- Components of security operations
- Characteristics of effective SOCs
- SOC Roles and Responsibilities
- SOC Organizational Models
- SOC Governance
- Structured analysis techniques and practical exercises
- SOC transformation and improvement
Participants will receive a course notebook and a downloadable copy of course materials.
Before registering for this course, participants must be familiar with Internet services and protocols; network analysis techniques; cyber threats, attacks, and mitigations.
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.