Practices for setting up and operating a security operations & monitoring capability

Security Operations Control Centers are a necessity for large businesses and government agencies. But for a small-to-medium-sized business such as Sifers-Grayson, the expense may outweigh the benefits. Right-sizing an enterprise monitoring capability can be a significant challenge. Discuss the best practices for setting up and operating a security operations & monitoring capability. These practices rely upon people, processes, and technologies. For the client, Sifers-Grayson, establishing a SOC could give them the following much-needed capabilities:

1. Consolidated IT Help Desk (combining Engineering & Headquarters IT support into a single, well-trained team)
2. Server Status Monitoring (patches, up/down, host-based security status)
3. Enterprise Endpoint Protection Platform Monitoring / Host Monitoring (e.g. workstations)
4. Monitoring and Responding to Intrusion Detection Systems (Alerts & Alarms)
5. Firewall Operations & Monitoring
6. Network Connection Monitoring