Title: Integrating a security operations centre with an organization's existing procedures, policies and information technology systems

Authors: Mutemwa, Muyowa; Mtsweni, Jabu S; Zimba, Lukhanyo

Type: Conference Presentation

Date issued: 2018-12
Date added to repository: 2019-01-16

Citation: Mutemwa, M., Mtsweni, J.S. and Zimba, L. 2018. Integrating a security operations centre with an organization's existing procedures, policies and information technology systems. 2018 International Conference on Intelligent & Innovative Computing Applications (ICONIC), 6-7 December 2018, Mauritius.

ISBN: 978-1-5386-6476-6

Proceedings: http://mauricon.org/wp-content/uploads/2018/12/Mauricon-2018-Conference-Proceedings-44423-041218.pdf
Handle: http://hdl.handle.net/10204/10602

Description: Paper presented at the 2018 International Conference on Intelligent & Innovative Computing Applications (ICONIC), 6-7 December 2018, Mauritius.

Abstract:

A Cybersecurity Operation Centre (SOC) is a centralized hub for network event monitoring and incident response. SOCs are critical when determining an organization's cybersecurity posture because they can be used to detect, analyze and report on various malicious activities. For most organizations, a SOC is not part of the initial design and implementation of the Information Technology (IT) environment but rather an afterthought. As a result, it is not natively a plug-and-play component, so there are integration challenges when a SOC is introduced into an organization. A SOC is an independent hub that needs to be integrated with the existing procedures, policies and IT systems of an organization, such as the service desk, ticket logging system, reporting, etc.

This paper discusses the challenges of integrating a newly developed SOC into an organization's existing IT environment. Firstly, the paper looks at which data sources should be incorporated into the Security Information and Event Management (SIEM) system for security posture monitoring, such as which host machines, servers, network endpoints, software, applications, web servers, etc. That is, which systems need to be monitored first and the order in which the rest of the systems follow. Secondly, the paper describes how to integrate the organization's ticket logging system with the SOC SIEM: that is, how cybersecurity-related incidents should be logged by both analysts and non-technical employees of an organization. It also covers the priority matrix for incident types and the notification of incidents. Thirdly, the paper looks at how to communicate awareness campaigns from the SOC and how to report on incidents that are found inside the SOC. Lastly, the paper looks at how to show value for the large investments that are poured into designing, building and running a SOC.

Language: en

Keywords: Cybersecurity Operation Centre; Priority matrix; Procedures and policies

Repository: ResearchSpace (CSIR), https://researchspace.csir.co.za

Citation formats:

APA: Mutemwa, M., Mtsweni, J. S., & Zimba, L. (2018). Integrating a security operations centre with an organization's existing procedures, policies and information technology systems. http://hdl.handle.net/10204/10602

MLA: Mutemwa, Muyowa, Jabu S Mtsweni, and Lukhanyo Zimba. "Integrating a security operations centre with an organization's existing procedures, policies and information technology systems." (2018): http://hdl.handle.net/10204/10602

Vancouver: Mutemwa M, Mtsweni JS, Zimba L. Integrating a security operations centre with an organization's existing procedures, policies and information technology systems; 2018. http://hdl.handle.net/10204/10602