Cyber defense
Download 2.54 Mb. View original pdf
|
- Navigate this page:
- Security event management
| CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 55 Operational capabilities 337. The cyberspace force must have capabilities aimed at conducting cyber operations defensive, exploitative, and offensive, such as security and information event management (SIEM), operational intelligence, response, digital forensics and deployable cyber defense. Security event management 338. Currently, there is an unclear use of several terms (NOC, SOC, CERT, CSIRT, CyOC) to designate organizations with cybersecurity responsibilities, creating confounding situations and contradictory perceptions that hinder understanding and collaboration when facing cyber threats. 339. Network Operations Center (NOC) is an operational center that monitors its own network and systems in order to preserve the operation and availability of services. It must have the capability to detect malfunctions and interruptions of services. The reaction capability is limited to failure prevention and service recovery within its own network. 340. Security Operations Center (SOC) is an operational center that monitors its own networks and systems in order to preserve their security. It must have capability to detect malicious activities targeting its own networks and information. Its reaction capability is limited to preventing, detecting and stopping malicious activities within its own network. 341. CERT 25 is a registered trademark owned by Carnegie Mellon University that refers to an entity, normally associated with a specific sector (government, defense, university, banking, business, critical infrastructure, etc) created with the purpose of preventing, minimizing or eliminating computer security events or incidents. The use of the term CERT requires the express permission of Carnegie Mellon University. 342. CSIRT 26 is a generic term fora team with a purpose similar to CERT, but with unrestricted use and therefore requires no authorization. 343. The terms CERT and CSIRT are commonly used to grant a SOC with an official character, recognized and registered by international organizations (FIRST Download 2.54 Mb. Share with your friends:
|