Saving Costs Through Operational Efficiencies
While spending on cybersecurity is increasing every year according to the WEF report, business leaders still identify disruption from cyberattacks as one of the top 5 growing risks. In addition, organizations find it challenging to align cybersecurity risks with business strategy. We have written many blog posts on the impact of security efficacy at all business levels: operational, tactical and strategic.
The SOC Optimization training course outlined below is the ultimate training course for connecting the dots between security services and business goals. It will help you justify SOC value to the business and raise awareness of how costs can be saved through operational efficiencies. We have included plenty of pragmatic exercises, which add value to the business by putting the knowledge into action.
"This course provides a well rounded perspective on how a SOC should operate from the operational, tactical and strategic levels and how they interrelate, resulting in a balanced approach that is often missing from other courses which mostly target only one of these levels and in a more general security sense."
Andreas Andrellis, Senior Network & Security Engineer at XM.com
1. SOC Productivity Optimization: raising awareness
2. Organizational dissemination
3. Continuous Professional Development for career enhancement, role enrichment.
4. Emphasis on the impact of security service quality on business outcomes.
5. Participants completing the course will have the knowledge to run SOC operations effectively, thus saving costs through operational efficiencies.
Who will benefit most?
L3 SOC Analyst
Security Architect/ Engineer
SOC Manager / Lead
Some customers deliver this training to their whole security team
SOC Optimization Training Course Index (for guidance only)
Tool set and platforms - Licenses and scope of each of them - Scope of data collection and storage - SIEM Lab - Use case factory - Data management and logs - Generic correlation rules - Specific correlation rules - Playbooks - Knowledge base - Security incident category (MITRE ATT&CK) - Technical memory of technologies deployed - Asset criticality - List of supported technologies - Escalation grids - Helpdesk - Integration with client's helpdesk (scope) - Monthly reports - Shifts - Alert framework.
Ticket registration process - States of a ticket - Definitions of SOC services - Threat monitoring - Vulnerability assessment - Threat intelligence - Threat hunting - Previous requirements - Escalation grid - List of assets, criticality, name, private IP, public IP - Triage procedure - Onboarding procedure - Threat monitoring procedure - Vulnerability assessment procedure - Service manual - SOC dictionary and terminology - Incident response procedure - SOC and other services - Penetration testing - Incident response - Analysis - Annual report - Business enablement - Identifying new business opportunities through security efficiency.
SOC goals and objectives - Out of scope: what SOC is not - Security posture - KPIs - SLAs - Measuring business alignment - SOC as a business risk dashboard to the Board - Risk management - Risk heat map - Job descriptions - External SOC support roles (BDM, Security Manager, Sales, Product Manager, Presales, Pen-testers, Incident handlers) - SOC maturity road map.
$ 2,000 pp
for group sessions
and/or public reference