Security Operations Center
The development of a security operations center (SOC) is important for the development of the organization. It is important to make sure that the company has a dedicated department which deals with security issues at both the organizational and the technical level. The center helps to monitor, prevent, detect, investigate, and respond to cyber threats at all times (Hámornik & Krasznay, 2017). The center usually has particular individuals and groups who are required to carefully outline the steps and work towards their success. There is also a hierarchy that shows the responsibilities of the people as well as what is expected of them in working towards recognizable outcomes in the long term. Their joint efforts are essential for the realization of the security needs.
The first tier in the hierarchy involves the triage specialists. These are individuals who are tasked with evaluating incoming alerts. They also work to identify suspicious events and determine a disposition for each alert. This is important in determining the severity of each alert. The triage specialists help in closing false positives or escalating high-risk suspicious situations which may affect the population (Danquah, 2020). The second tier in the hierarchy involves the incident responders. These personnel provide the initial response to any security threat or attack. Their tier level allows them to use forensic tools which are integral in limiting damage and providing immediate workarounds to help guarantee continuity in operational programs. These individuals also provide training, support and change management protocols that can be relied upon to improve organizational awareness in the long term. It is their duty to ensure the smooth day-to-day running of the security department.
The third tier in the hierarchy is made up of the expert security analysts. These personnel help in the implementation of the security policies and programs developed at the management level. It is their duty to ensure that the security mechanisms implemented are aligned with the desired practices. Furthermore, they also work to achieve the best disaster recovery plans in the event of a security threat to the company. At the fourth tier, there is the SOC manager. This person is involved with oversight of the security operations in the department. The manager brings in the required team members and coordinates operations with the security engineers. He or she may also create policies which guide the hiring process for the company's staff and personnel. The manager serves as the immediate boss of all the members of the security operations team.
The cyber threat intelligence unit works closely with the SOC team in a given organization. The unit ensures that information regarding possible cyber security threats is collected (Bou-Harb & Neshenko, 2020). The unit may choose to share the information with the SOC team depending on its sensitivity and the organization's level of preparedness. Moreover, the unit also works to guarantee better decision making and a more enhanced, shared understanding amongst the key players in the company. This factor is key to the realization of effective company response teams.
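The following example, added here and not part of the original essay or any cited work, models the two processes described above as code: the Tier 1 triage disposition (close a false positive, keep monitoring, or escalate to the Tier 2 incident responders) and the intelligence unit's sensitivity-gated sharing of indicators with the SOC. All indicators, alerts, the allowlist and the `sharing` field are constructed sample data and hypothetical names.

```python
from dataclasses import dataclass

# Constructed indicator list held by the threat-intelligence unit. The
# hypothetical "sharing" field records which audience may receive each
# indicator; "restricted" items never reach the SOC triage queue.
INTEL = [
    {"indicator": "198.51.100.23", "confidence": 90, "sharing": "soc"},
    {"indicator": "203.0.113.77",  "confidence": 40, "sharing": "soc"},
    {"indicator": "192.0.2.9",     "confidence": 95, "sharing": "restricted"},
]

# Constructed list of sources Tier 1 has approved as benign
# (here, an internal vulnerability scanner).
ALLOWLIST = {"10.0.0.5"}

@dataclass
class Alert:
    alert_id: str
    src_ip: str
    severity: int      # 1 (low) .. 5 (critical), as reported by the sensor
    signature: str

def shared_intel(intel, audience="soc"):
    """Indicators the intelligence unit agreed to release to one audience."""
    return {i["indicator"]: i["confidence"] for i in intel if i["sharing"] == audience}

def triage(alert, intel_view, allowlist):
    """Tier 1 disposition: close, monitor, or escalate to Tier 2 responders."""
    if alert.src_ip in allowlist:
        return "closed_false_positive"
    confidence = intel_view.get(alert.src_ip, 0)
    # A shared intelligence match raises the effective severity of the alert.
    score = alert.severity + (2 if confidence >= 80 else 1 if confidence >= 40 else 0)
    return "escalate_tier2" if score >= 5 else "monitor"

def run_triage(alerts, intel=INTEL, allowlist=ALLOWLIST):
    """Run every alert through triage using only the intelligence shared with the SOC."""
    view = shared_intel(intel)
    return {a.alert_id: triage(a, view, allowlist) for a in alerts}

# Constructed sample alerts. A4 matches a high-confidence indicator that the
# intelligence unit did not share, so triage cannot benefit from it.
SAMPLE_ALERTS = [
    Alert("A1", "10.0.0.5", 4, "port scan"),
    Alert("A2", "198.51.100.23", 3, "outbound beacon"),
    Alert("A3", "203.0.113.77", 3, "outbound beacon"),
    Alert("A4", "192.0.2.9", 3, "outbound beacon"),
    Alert("A5", "172.16.4.8", 5, "credential dumping"),
]

if __name__ == "__main__":
    for alert_id, disposition in run_triage(SAMPLE_ALERTS).items():
        print(alert_id, disposition)
```

Alert A4 ends up merely monitored although the intelligence unit holds a strong indicator for it, which illustrates why the sharing decision described above directly shapes the quality of Tier 1 dispositions.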
Properly protecting companies against the considerable threats in cyber security requires a team effort. The intelligence unit should share available information regarding threats with the companies. The SOC team in an organization should work to identify the best possible personnel for each level of the hierarchy in order to improve its cyber defense programs. These joint practices are essential to mitigating organizational threats.
References

Bou-Harb, E., & Neshenko, N. (2020). Generating and sharing IoT-centric cyber threat intelligence. Cyber Threat Intelligence for the Internet of Things, 77-84. [Link]

Danquah, P. (2020). Security operations center: A framework for automated triage, containment and escalation. Journal of Information Security, 11(04), 225-240. [Link]

Hámornik, B. P., & Krasznay, C. (2017). A team-level perspective of human factors in cyber security: Security operations centers. Advances in Intelligent Systems and Computing, 224-236. [Link]