Highly visible breaches and attacks have brought an intense focus on organizations’ incident detection, investigation and mitigation capabilities. After all, if you can’t prevent a security incident, you had better be able to detect and respond to it quickly. But just increasing security spending does not guarantee more protection. Achieving the goal of better security depends on how that budget is allocated; what people, procedures and infrastructure are put into place; and how the security program is managed and optimized over the long term.
For organizations without a formalized incident-handling capability, building a security operations center (SOC) from scratch that provides centralized visibility, alerting and investigation can be a daunting task. Fortunately, organizations do not need a room full of security experts and an investment of millions of dollars in security systems to make progress here. In this paper we look at how to develop an effective SOC and provide a roadmap for continuously evolving this capability to keep pace with adversaries' tactics.