|| Security Operations Center (SOC) ||
📡SOC will become a single point of contact for cyber security incident reporting & coordination in the state.
📡SOC is a centralized location(s) where the key IT systems of an organization are monitored, assessed and defended from
📡Why SOC is needed 🔐
👉For continuous prevention against malicious attacks
👉Easy detection of threats
👉Response capabilities against real-time incidents in the network
👉Incident response including coordination, resolution, recovery & subsequent prevention of attack.
👉Threat Intelligence which includes threat information aggregation, correlation and dissemination of actionable intelligence for its constituents
👉Security advisory services, including advisories on threats in the software and hardware in use by the constituents, to minimize impact from existing and zero-day vulnerabilities & exploits
👉Coordination with CERT-IN and other public and private entities, including OEMs
📡The SOC is a cross-functional virtual center providing situational awareness through the detection, containment, and remediation of IT threats. An overview of the processes involved is given below:
📡The SOC's processes involve collecting logs and events from multiple sources, analysing and correlating them with internal and external infrastructure components, and generating alerts that give insight into the overall security posture. Particular response activities can include:
👉Infrastructure Security
👉Endpoint Protection
👉Internal Vulnerability Assessment & Penetration Test
👉Internal Threat Management Program
👉Data Protection & Classification
👉Tool Engineering and Deployment
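As an added example (not part of the original post), the following Python script sketches the collect-correlate-alert loop described above over two constructed log sources: an sshd auth log and a firewall log. Both logs, the IP addresses, the thresholds and the rule names are made up for illustration; the point is that a single-source view (three failed logins) becomes a much stronger signal once it is correlated with a second source (firewall denies from the same address) and followed by a successful login.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Normalised event: every source is reduced to (timestamp, source, ip, kind)
# so the correlation logic never has to know about raw log formats.
Event = namedtuple("Event", "ts source ip kind")

# Constructed sample data (not real logs): an sshd auth log and a firewall log.
AUTH_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-03-01T10:00:03 sshd[1202]: Failed password for invalid user root from 203.0.113.7 port 51240 ssh2
2024-03-01T10:00:05 sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51251 ssh2
2024-03-01T10:00:09 sshd[1204]: Accepted password for ubuntu from 203.0.113.7 port 51260 ssh2
2024-03-01T10:30:00 sshd[1310]: Failed password for invalid user guest from 198.51.100.9 port 40001 ssh2
2024-03-01T10:45:00 sshd[1311]: Accepted publickey for alice from 192.0.2.20 port 40100 ssh2
"""

FW_LOG = """\
2024-03-01T09:59:58 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389 proto=tcp
2024-03-01T09:59:59 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445 proto=tcp
2024-03-01T10:29:50 fw01 DENY src=198.51.100.9 dst=10.0.0.5 dport=22 proto=tcp
2024-03-01T10:44:00 fw01 ALLOW src=192.0.2.20 dst=10.0.0.5 dport=22 proto=tcp
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<kind>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<kind>DENY|ALLOW) src=(?P<ip>\S+) dst=\S+ dport=(?P<dport>\d+)"
)


def parse_auth(text):
    """Collection step for source 1: sshd auth log -> auth_fail / auth_ok events."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparsed lines would be routed to a parse-failure queue in a real pipeline
        kind = "auth_fail" if m["kind"] == "Failed" else "auth_ok"
        events.append(Event(datetime.fromisoformat(m["ts"]), "sshd", m["ip"], kind))
    return events


def parse_fw(text):
    """Collection step for source 2: firewall log -> fw_deny / fw_allow events."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        kind = "fw_deny" if m["kind"] == "DENY" else "fw_allow"
        events.append(Event(datetime.fromisoformat(m["ts"]), "fw01", m["ip"], kind))
    return events


def correlate(events, window=timedelta(minutes=10), threshold=3):
    """Correlation step: group events by source IP and apply two hypothetical rules
    over a sliding time window, emitting at most one alert per (ip, rule)."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        by_ip[e.ip].append(e)

    alerts, seen = [], set()
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            # Only events from this IP that fall inside the window before `e`.
            recent = [x for x in evs[:i] if e.ts - x.ts <= window]
            fails = sum(x.kind == "auth_fail" for x in recent)
            denies = sum(x.kind == "fw_deny" for x in recent)
            rule = None
            if e.kind == "auth_ok" and fails >= threshold:
                # Same-source rule: N failures then a success from one IP.
                rule, severity = "brute_force_then_success", "high"
            elif e.kind == "auth_fail" and denies:
                # Cross-source rule: firewall denies followed by login attempts.
                rule, severity = "fw_deny_then_login_attempt", "medium"
            if rule and (ip, rule) not in seen:
                seen.add((ip, rule))
                alerts.append({"ts": e.ts.isoformat(), "ip": ip, "rule": rule,
                               "severity": severity, "auth_fail": fails, "fw_deny": denies})
    return sorted(alerts, key=lambda a: a["ts"])


def run_demo():
    """Collect from both constructed sources, correlate, and return the alerts."""
    return correlate(parse_auth(AUTH_LOG) + parse_fw(FW_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run it and three alerts come out: a medium one for 203.0.113.7 when its first failed login follows two firewall denies, a high one for the same address when the successful login follows three failures, and a medium one for 198.51.100.9. The address that only ever logged in with a key (192.0.2.20) produces nothing. In a production SOC the parsers would be per-source normalisers feeding a SIEM, the window and threshold would be tuned per rule, and the alert would carry enough context (user, ports, host) for the analyst to act on it without re-querying the raw logs.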
BY,
RAJU MAHTO
CCIO-ISAC INDIA, CNSS (U.K), ISO/IEC 27001-ISA