Безопасность информационных технологий (Dec 2016)

Information Security Operations Centers

  • Natalia Georgievna Miloslavskaya

Journal volume & issue
Vol. 23, no. 4
pp. 38 – 51

Abstract


At present, information security (IS) incidents have become not only more numerous and diverse but also more damaging and disruptive. Preventive controls based on the IS risk assessment results decrease the majority, but not all, of the IS incidents. Therefore, an IS incident management system is necessary for rapidly detecting IS incidents, minimizing loss and destruction, mitigating the vulnerabilities that were exploited, and restoring the organization’s IT infrastructure (ITI), including its IT services. Such systems can be implemented on the basis of a Security Operations Center (SOC). Based on the related works, a survey of the existing SOCs, their mission and main functions is given. A classification of SOCs, as well as the key indicators of IS incidents in the ITI, are proposed. Some serious limitations of first-generation SOCs are defined. This analysis leads to the main area of further research launched by the author.

Keywords