The increasing dependency of modern society on IT systems and infrastructures for essential services (e.g. internet banking, vehicular network, health-IT, etc.) coupled with the growing number of cyber incidents and security vulnerabilities have made Cyber Security Operations Centre (CSOC) undoubtedly vital. As such security operations monitoring is now an integral part of most business operations. SOCs (used interchangeably as CSOCs) are responsible for continuously and protectively monitoring business services, IT systems and infrastructures to identify vulnerabilities, detect cyber-attacks, security breaches, policy violations, and to respond to cyber incidents swiftly. They must also ensure that security events and alerts are triaged and analysed, while coordinating and managing cyber incidents to resolution. Because SOCs are vital, it is also necessary that SOCs are effective. But unfortunately, the effectiveness of SOCs are a widespread concern and a focus of boundless debate. In this paper, we identify and discuss some of the pertinent challenges to building an effective SOC. We investigate some of the factors contributing to the inefficiencies in SOCs and explain some of the challenges they face. Further, we provide and prioritise recommendations to addressing the identified issues.
翻译:现代社会日益依赖信息技术系统和基本服务基础设施(如互联网银行、车辆网络、保健信息技术等),再加上网络事件和安全脆弱性日益增加,无疑使网络安全行动中心(网络安全行动中心)变得至关重要。由于这种安全行动监测现在已成为大多数业务活动的一个组成部分,因此,这种安全行动监测现在已成为大多数业务活动的一个组成部分。SOC(可互用使用,作为民间社会组织)负责持续和有保护地监测商业服务、信息技术系统和基础设施,以查明弱点,发现网络攻击、违反安全规定、违反政策行为,并迅速应对网络事件。它们还必须确保对安全事件和警报进行筛选和分析,同时协调和管理网络事件,以待解决。此外,由于SOC至关重要,因此SOC也有必要发挥效力。但不幸的是,SOC的效力是广泛关注的问题,也是无止境辩论的重点。在本文件中,我们查明并讨论建立有效的SOC所面临的一些相关挑战。我们调查造成SOC效率低下的一些因素,并解释它们所面临的一些挑战。我们提出并优先建议,以解决已查明的问题。