Veerasamy, Namosha2023-01-032023-01-032022-03Veerasamy, N. 2022. The evolution of cyber threats in the South African context. <i>Journal of Information Warfare.</i> http://hdl.handle.net/10204/125671445-33121445-3347http://hdl.handle.net/10204/12567A Cybersecurity Operation Centre (SOC) is a centralized hub within an organisation that houses people, processes, and technologies aimed at continuous monitoring of the organization’s assets in order to prevent, detect, analyse, and respond to cybersecurity incidents against that organisation. SOCs are critical to the collection, analysis, and response to cybersecurity events and incidents faced by an organisation. This article discusses the architecture of an SOC that enables quick and timely responses to events and incidents. Firstly, the article describes an architecture of the SOC, the SOC’s processes, personnel, and technologies. Secondly, the article discusses what type of information and logs should be collected, analysed, and interpreted. Lastly the article discusses how to handle an incident through the six stages of incident response.AbstractenCyber threatsNext-Generation threatsThreat actorsArticleVeerasamy, N. (2022). The evolution of cyber threats in the South African context. <i>Journal of Information Warfare</i>, http://hdl.handle.net/10204/12567Veerasamy, Namosha "The evolution of cyber threats in the South African context." <i>Journal of Information Warfare</i> (2022) http://hdl.handle.net/10204/12567Veerasamy N. The evolution of cyber threats in the South African context. Journal of Information Warfare. 2022; http://hdl.handle.net/10204/12567.TY - Article AU - Veerasamy, Namosha AB - A Cybersecurity Operation Centre (SOC) is a centralized hub within an organisation that houses people, processes, and technologies aimed at continuous monitoring of the organization’s assets in order to prevent, detect, analyse, and respond to cybersecurity incidents against that organisation. SOCs are critical to the collection, analysis, and response to cybersecurity events and incidents faced by an organisation. This article discusses the architecture of an SOC that enables quick and timely responses to events and incidents. Firstly, the article describes an architecture of the SOC, the SOC’s processes, personnel, and technologies. Secondly, the article discusses what type of information and logs should be collected, analysed, and interpreted. Lastly the article discusses how to handle an incident through the six stages of incident response. DA - 2022-03 DB - ResearchSpace DP - CSIR J1 - Journal of Information Warfare KW - Cyber threats KW - Next-Generation threats KW - Threat actors LK - https://researchspace.csir.co.za PY - 2022 SM - 1445-3312 SM - 1445-3347 T1 - The evolution of cyber threats in the South African context TI - The evolution of cyber threats in the South African context UR - http://hdl.handle.net/10204/12567 ER -26317