{"id":6671,"date":"2014-09-10T15:00:02","date_gmt":"2014-09-10T22:00:02","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=6671"},"modified":"2014-09-10T10:41:30","modified_gmt":"2014-09-10T17:41:30","slug":"importance-process-security-operations-center-soc","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2014\/09\/importance-process-security-operations-center-soc\/","title":{"rendered":"The Importance of Process in Your Security Operations Center (SOC)"},"content":{"rendered":"<p><em>Hopefully by now you\u2019ve read our new paper \u201cKeeping a Trusted Eye On Today\u2019s Government Networks: Building or Realigning the Government Security Operations Center\u201d and Rick Howard\u2019s article on the talent needed for the SOC.\u00a0 If not, you can download them <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2014\/08\/building-new-soc-re-invigorating-existing-one\/\" target=\"_blank\">here<\/a>.<\/em><\/p>\n<p><em>For more perspective on the topic, let\u2019s reiterate the need for process as an important component of your SOC planning. 
<\/em><em>As a former Army officer and graduate of both the Naval Academy and West Point, Tim Haight understands the importance of process in government and - as former Chief of one of the Army CERTs - in particular in Security Operations Centers.<\/em><\/p>\n<p>By Tim Haight, Owner, Knowetic Solutions, LC<\/p>\n<p>Like many organizational capabilities, a Security Operations Center (SOC) can be described in terms of its people, process, and technology: three components that must work in harmony to deliver the services needed to keep the enterprise secure.<\/p>\n<p>On the surface it seems clear why people and technology are essential to a successful SOC, but the importance of <em>process <\/em>can be more difficult to articulate \u2013 especially as it relates to a capability that many feel is more art than science.\u00a0 Nonetheless, process does play a critical role in the creation and operation of the SOC.\u00a0 Here\u2019s why:<!--more--><\/p>\n<ol>\n<li><strong>The SOC is a service organization<\/strong> \u2013 just like the IT service organization.\u00a0 Adopting an Information Technology Service Management (ITSM) framework such as the Information Technology Infrastructure Library (ITIL) provides many benefits to the IT service organization.\u00a0 Embracing a similarly process-driven approach will extend those same benefits to the SOC.\u00a0 Strategically, the \u201cright\u201d process approach can make the SOC more accountable to its customers and align SOC priorities with business priorities.\u00a0\u00a0 Operationally, almost any process approach should reduce redundancies, leading to increased resource utilization and quality of service.<\/li>\n<li><strong>Effective organizations are not stagnant<\/strong> and process is a key enabler in defining metrics to be used for improvement.\u00a0 Process and metrics can sometimes be like the \u201cchicken and egg,\u201d but you will probably have situations where you design a process around the desired metric, and 
other times when you choose the metrics to evaluate a critical process. The important thing is to tie meaningful metrics to implementable processes, measure those metrics, and then use those measurements to improve over time.<\/li>\n<li>Your Information Security Management System (ISMS) does not need a SOC to be ISO\/IEC 27001:2013 compliant.\u00a0 But <strong>if you have a SOC and you want to be compliant<\/strong>, it needs to be process-based.\u00a0 So if you don\u2019t want to adopt process to be more effective or more efficient (see 1 and 2 above), then adopt process to be <em>compliant<\/em>.<\/li>\n<li><strong>Process is a gap filler<\/strong> between the people and the technology.\u00a0 Your cyber security technology is not a complete solution \u2013 it probably does a lot, but at some point your SOC analysts need to take the output and make decisions.\u00a0 Likewise, your analysts are not by themselves a complete solution \u2013 as gifted as they are, they still need technology to enable their success.\u00a0 Your people and your technology, joined together by process, are a complete solution.\u00a0 Focus process efforts on those points of interaction between the people and the technology. 
\u00a0That balance helps guide junior analysts without stifling the creativity of senior analysts.<\/li>\n<\/ol>\n<p>Process has an important place in the successful SOC.\u00a0 Hire the right people and implement the right technology, then get to work on defining and executing the right processes.<\/p>\n<p>Download our new SOC paper <a href=\"http:\/\/connect.paloaltonetworks.com\/government-soc\" target=\"_blank\">here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hopefully by now you\u2019ve read our new paper \u201cKeeping a Trusted Eye On Today\u2019s Government Networks: Building or Realigning the Government Security Operations Center\u201d and Rick Howard\u2019s article on the talent needed &hellip;<\/p>\n","protected":false},"author":47,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[484,410],"tags":[675,673,635,674,636],"coauthors":[],"class_list":["post-6671","post","type-post","status-publish","format-standard","hentry","category-government","category-vertical","tag-knowetic-solutions","tag-security-operations-center","tag-soc","tag-tim-haight","tag-white-papers"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/6671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/47"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=6671"}],"version-history":[{"count":1
,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/6671\/revisions"}],"predecessor-version":[{"id":6672,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/6671\/revisions\/6672"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=6671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=6671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=6671"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=6671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}