COI Report – Part VII, Page 327 of 425

948. The SIEM solution chosen is particularly important, as ASOCs are most often organised around the SIEM. The SIEM aggregates and correlates data from the various tools employed by the ASOC onto a single platform, giving security staff a comprehensive overview at a single glance.
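To make concrete what "aggregates and correlates" means in practice, the following is an added illustration, not code from the report or from any product the ASOC used. It normalises two constructed log sources (an endpoint agent and a firewall, both in their own native formats) into one event stream, then applies a single correlation rule: an endpoint alert followed within a short window by an outbound connection from the same host. The hostnames, IP addresses, timestamps and asset inventory are all invented for the example.

```python
"""Minimal SIEM-style aggregation and correlation over two constructed log sources."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # tool that produced the record
    host: str     # asset the record concerns, after normalisation
    kind: str     # normalised event type shared across sources
    detail: str


# Constructed sample records (not real telemetry): one endpoint-agent log
# and one firewall log, each in its own native format.
EDR_LOG = """\
2018-06-27T10:01:02Z host=WS-017 alert=MalwareDetected file=C:\\Users\\a\\update.exe
2018-06-27T10:04:40Z host=WS-022 alert=SuspiciousPowerShell cmd=IEX(New-Object Net.WebClient)
"""
FW_LOG = """\
Jun 27 10:02:15 fw01 DENY src=10.20.1.17 dst=203.0.113.9 dport=443 proto=tcp
Jun 27 10:30:00 fw01 ALLOW src=10.20.1.22 dst=198.51.100.7 dport=8443 proto=tcp
"""
# Constructed asset inventory: the SIEM needs it to tie a firewall's source IP
# back to the same hostname the endpoint agent reports.
IP_TO_HOST = {"10.20.1.17": "WS-017", "10.20.1.22": "WS-022"}
LOG_YEAR = 2018  # syslog-style firewall lines carry no year; assumed here


def parse_edr(text):
    """Normalise endpoint-agent lines into Event records."""
    events = []
    for line in text.splitlines():
        m = re.match(r"(\S+) host=(\S+) alert=(\S+) (.*)", line)
        if not m:
            continue  # unparsable line: a real SIEM would count and surface these
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, "edr", m.group(2), "endpoint_alert",
                            f"{m.group(3)} {m.group(4)}"))
    return events


def parse_firewall(text):
    """Normalise firewall lines into Event records keyed by hostname, not IP."""
    events = []
    for line in text.splitlines():
        m = re.match(r"(\w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ (ALLOW|DENY) "
                     r"src=(\S+) dst=(\S+) dport=(\d+)", line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host = IP_TO_HOST.get(m.group(3), m.group(3))
        events.append(Event(ts, "firewall", host, "outbound_connection",
                            f"{m.group(2)} to {m.group(4)}:{m.group(5)}"))
    return events


def aggregate(*event_lists):
    """Merge every source into one time-ordered stream (the 'single platform')."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e.ts)


def correlate(events, window_minutes=5):
    """Rule: endpoint alert followed within the window by an outbound connection
    from the same host. Returns (host, alert detail, connection detail) tuples."""
    window = timedelta(minutes=window_minutes)
    alerts = [e for e in events if e.kind == "endpoint_alert"]
    conns = [e for e in events if e.kind == "outbound_connection"]
    hits = []
    for a in alerts:
        for c in conns:
            if c.host == a.host and a.ts <= c.ts <= a.ts + window:
                hits.append((a.host, a.detail, c.detail))
    return hits


if __name__ == "__main__":
    stream = aggregate(parse_edr(EDR_LOG), parse_firewall(FW_LOG))
    for host, alert, conn in correlate(stream):
        print(f"{host}: {alert} -> {conn}")
```

Neither source alone shows anything an analyst would act on: the firewall sees a single denied connection, and the endpoint agent sees an alert it may already have remediated. Only the joined view, keyed on a common host identity and bounded by time, produces the finding. The window matters: with the default five minutes only WS-017 fires, while a 30-minute window also pairs WS-022's alert with its later connection, so tuning that parameter is part of the ASOC's process design rather than an implementation detail.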
949. People. An ASOC requires the right manpower to function well. The staff of the ASOC should be a mix of experienced security professionals and IT staff. The IT staff provide a solid understanding of the organisation’s IT infrastructure, and are usually trained in computer engineering, network engineering or computer science and may have credentials such as CISSP[87] or GIAC.[88] The security personnel can help to bring fresh perspectives based on their experience. Working together, the ASOC staff should be able to analyse large quantities of data and intuitively recognise the need for further investigation when it arises.
950. Processes. The ASOC needs to have well-defined processes that facilitate consistent operations and repeatable outcomes. The ASOC needs to be stable and functional at all times, as it is the heart of an organisation’s security architecture. At the same time, the processes must be wide and flexible enough to accommodate possible incident scenarios and provide detailed guidance for response. Examples of incidents include:
a) Phishing
b) Malware infections
c) Bring-your-own-device-related incidents

[87] Certified Information Systems Security Professional (“CISSP”) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².
[88] Global Information Assurance Certification (“GIAC”) is an information security certification entity that provides a set of vendor-neutral computer security certifications linked to the training courses provided by the SANS Institute.