Journal: Highly Available Systems, No. 4, 2018
Article in issue:
The establishment of security operations center
Type of article: scientific article
DOI: 10.18127/j20729472-201804-03
UDC: 621.391(075.8)
Authors:

E.K. Baranova – Associate Professor, HSE (Moscow)
E-mail: ekbaranova@hse.ru

E.D. Zavadskaya – Undergraduate, HSE (Moscow)
E-mail: ekaterinazav1994@mail.ru

Abstract:

The paper considers the features of establishing a Security Operations Center (SOC) in a company and the operating principles of a Security Information and Event Management (SIEM) system; it provides templates for building a SOC in a company and lists common mistakes made during the creation and operation of a SOC. The introduction and systematic use of an information security (IS) management system reduces the negative impact of IS incidents on the business, shifts the emphasis toward their prevention, and improves the quality of IS risk assessment and management, which ultimately raises the company's overall IS level.

Pages: 8-14
References
  1. Organizaciya Security Operation Center (SOC). ZAO NIP «Informzashita». URL: http://docplayer.ru/46349479-Organizaciya-securityoperation-center-soc.html (visited on: 8.06.2018).
  2. Kotenko I.V., Saenko I.B., Polubelova O.V., Chechulin A.A. Primenenie tekhnologii upravleniya informaciey i sobitiyami bezopasnosti dlya zashiti informacii v kriticheski vagnikh infrastrukturakh // Trudi Sankt-Peterburgskogo instituta informatiki i avtomatizacii RAN (SPIIRAN). SPb.: 2012. № 20. S. 27−56.
  3. Medvedev A. Samiy bezopasniy SOC // Jet Info. № 3. URL: http://www.jetinfo.ru/stati/samyj-bezopasnyj-soc (visited on: 18.05.2018).
  4. Babash A.V., Baranova E.K. Aktualnie voprosi zashiti informacii: monografiya. M.: INFRA-M. RIOP. 2017.
  5. Babash A.V., Baranova E.K. Osobennosti upravleniya incidentami informacionnoy bezopasnosti // Sb. nauchnikh rabot XVI nauchno-praktich. konf. «Sovremennie informacionnie tekhnologii v upravlenii i obrazovanii». M.: FGBU NII «Voskhod». 2017. S. 81−94.
  6. Fedorchenko A.B., Levshun D.S., Chechulin A.A., Kotenko I.V. Analiz metodov korrelyacii sobitiy bezopasnosti v SIEM-sistemakh // Trudi Sankt-Peterburgskogo instituta informatiki i avtomatizacii RAN (SPIIRAN). SPb.: 2016. № 4(47). URL: www.proceedings.spiiras.nw.ru.
  7. Zimmerman C. Ten Strategies of a World-Class Cybersecurity Operations Center. MITRE. 2014. URL: www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf (visited on: 8.06.2018).
Date of receipt: 3 August 2018