Building Effective Security Operations Center · 2019-06-21

Post on 21-May-2020


Building Effective Security Operations Center

Tithirat Siripattanalert, CISSP, GCIH, CISM, CRISC, CGEIT, PCIP, COBIT, ITIL, ISO 27001 LA

Chief Information Security Officer and Chief Data Officer

True Digital Group

Building Effective Security Operation Center

• Cyber security incidents

• Myths of setting up SOC

• Consideration in selecting SOC technology

• Required skill set and development plan

• Security incident response plan

• Ecosystem of advanced SOC

Cyber Security Incidents


Myths of Setting up SOC

• Technology alone can prevent us from cyber attacks

• SOC jobs are for junior staff

• Collect logs from everything without understanding

• Technology choices are easy and straightforward

• If there’s an incident, we can figure our response out then

Considerations in Implementing SOC

Know your environment

Classify your assets and define clear goals

Choose flexible and scalable technology

Develop incident response plan

Required Skill Set and Development Plan

• Threats and vulnerabilities

• Security tools fundamentals

• System and network

• Logical thinking

• Incident Response

• Number of staff: 14-28

Security Incident Response Plan

• Clear roles and responsibilities

• Cyber drills for incident response

Parties involved in the incident response plan (diagram labels): PR, Legal, IT, HR, Executive, Call Center, Third Party

Sample Internal Metrics to Monitor SOC Effectiveness

• Escalation fidelity

• Number of false positive alerts

• Number of high severity incidents in open status

• Time to notify for high severity incidents
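As an added illustration that is not part of the deck, the four metrics above computed over a constructed set of SOC tickets. The ticket schema, the 30-minute notification target for high severity incidents, and the definition of escalation fidelity as the share of L1 escalations that L2 confirms as true positives are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample tickets (assumed schema, not from the slides).
# verdict is the L2 analyst's conclusion; notified is None when not yet reported.
TICKETS = [
    {"id": "T1", "severity": "high", "status": "open", "escalated": True,
     "verdict": "true_positive", "detected": "2020-05-21T08:00", "notified": "2020-05-21T08:20"},
    {"id": "T2", "severity": "high", "status": "closed", "escalated": True,
     "verdict": "true_positive", "detected": "2020-05-21T09:00", "notified": "2020-05-21T09:40"},
    {"id": "T3", "severity": "medium", "status": "closed", "escalated": True,
     "verdict": "false_positive", "detected": "2020-05-21T10:00", "notified": None},
    {"id": "T4", "severity": "low", "status": "closed", "escalated": False,
     "verdict": "false_positive", "detected": "2020-05-21T11:00", "notified": None},
    {"id": "T5", "severity": "high", "status": "open", "escalated": True,
     "verdict": "true_positive", "detected": "2020-05-21T12:00", "notified": None},
]


def soc_metrics(tickets, notify_target_minutes=30):
    """Compute the four internal SOC effectiveness metrics from ticket records."""
    escalated = [t for t in tickets if t["escalated"]]
    confirmed = [t for t in escalated if t["verdict"] == "true_positive"]
    # Escalation fidelity (assumed definition): share of L1 escalations confirmed by L2.
    fidelity = len(confirmed) / len(escalated) if escalated else 0.0
    false_positives = sum(1 for t in tickets if t["verdict"] == "false_positive")
    high_open = sum(1 for t in tickets if t["severity"] == "high" and t["status"] == "open")
    # Time to notify is measured for high severity only; an unnotified high
    # severity ticket is counted as a missed target rather than silently skipped.
    durations, unnotified = [], 0
    for t in (t for t in tickets if t["severity"] == "high"):
        if t["notified"] is None:
            unnotified += 1
            continue
        durations.append(datetime.fromisoformat(t["notified"]) - datetime.fromisoformat(t["detected"]))
    avg = (sum(durations, timedelta()) / len(durations)) if durations else None
    target = timedelta(minutes=notify_target_minutes)
    misses = unnotified + sum(1 for d in durations if d > target)
    return {
        "escalation_fidelity": round(fidelity, 2),
        "false_positive_alerts": false_positives,
        "high_severity_open": high_open,
        "avg_minutes_to_notify_high": None if avg is None else avg.total_seconds() / 60,
        "high_severity_notify_misses": misses,
    }


if __name__ == "__main__":
    for name, value in soc_metrics(TICKETS).items():
        print(f"{name}: {value}")
```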

Ecosystem of Advanced Security Operations Center

Components of an advanced SOC (diagram labels):

• Endpoint Detection and Response

• User & Entity Behavior Analytics

• Network Traffic Behavior Analytics

• Automation & Orchestration

• Vulnerability Management

• Threat Intelligence

• Incident Response

• Know your environment

• Classify your assets and define clear goals

• Choose flexible and scalable technology

• Develop incident response plan

THANK YOU!

Tithirat Siripattanalert

Tel: 063-839-0378

Email: tithirat.sir@truedigital.com