Sage Journals: Discover world-class research

Abstract

At present new sophisticated attacks make organizations’ IT infrastructure (ITI) break-in more professional and dangerously effective. All organizations must oppose this properly designed and centralized information security (IS) management systems. Learn from the past helps to avoid the consequences of serious IS incidents in the future. Therefore, IS management is necessary for rapidly detecting IS incidents, minimizing loss and destruction caused by then, mitigating the vulnerabilities exploited and restoring organizations’ ITIs. This process can be implemented based on Security Operations Centers (SOCs) and Security Intelligence Centers (SICs) as their next evolution step. SOCs’ main functions and serious limitations are defined. The SICs’ concept and functioning are analyzed. The main areas of further research conclude the paper.

Keywords

Information security information security incident information security management Security Operations Center Security Intelligence Center

Get full access to this article

View all access options for this article.

References

Miloslavskaya

, Security operations centers for information security incident management, In: Proceedings of the 4th International Conference “Future Internet of Things and Cloud” (FiCloud 2016), (2006), Vienna, Austria, pp. 131–138.

ISO/IEC 27035-1:2016 Information technology – Security techniques – Information security incident management.

ISO/IEC 27001:2013/Cor 2:2015 Information technology – Security techniques – Information security management systems– Requirements.

Cichonski

, Millar

, Grance

, Scarfone

, NIST Special Publication 800-61 Rev 2: Computer Security Incident Handling Guide, 2012. Available on: http://nvlpubs.nist.gov/nistpubs/. Accessed 27 December 2017.

Accessed SpecialPublications/NIST.SP.800-61r2.pdf. 27 December, 2017.

Alberts

, Dorofee

, Killcrece

, Ruefle

, Zajicek

, CMU/SEI-2004-TR-015 «Defining Incident Management Processes for CSIRT», 2004.

Bace

R.G.

, Intrusion Detection. Macmillan Technical Publishing, Indianapolis, 2000.

Van Wyk

K.R.

and Forno

, Incident Response. O’Reilly Media Inc., Sebastopol, 2001.

Schultz

E.E.

, Shumway

, Incident Response: A Strategic Guide to Handling System and Network Security Breaches. Sams Publishing, Indianapolis, 2001.

10.

Northcutt

, Network Intrusion Detection, 3rd edn.. New Riders Publishing, Indianapolis, 2002, 512 p.

11.

Prosise

, Mandia

, Pepe

, Incident response and computer forensics, 2nd edn. McGraw-Hill/Osborne, New York2003.

12.

Bejtlich

, The Tao of Network Security Monitoring: Beyond Intrusion Detection. Pearson Education, Boston, 2005.

13.

Bejtlich

, Extrusion Detection: Security Monitoring for Internal Intrusions. Addison-Wesley Professional, Boston, 2005.

14.

Bidou

, Security Operation Center Concepts & Implementation, 2005. Available on: http://iv2-technologies.com/∼rbidou/SOCConceptAndImplementation.pdf. Accessed 27 December 2005.

15.

Security Operations Center: Building, Operating, and Maintaining your SOC. Cisco Press, 2015.

16.

Fry

, Nystrom

, Security Monitoring. O’Reilly, Cambridge, 2009.

17.

Sanders

, Smith

, Applied Network Security Monitoring:Collection, Detection, and Analysis. Syngress, Boston, 2013.

18.

Bejtlich

, Practice of Network Security Monitoring. No Starch Press, San Francisco, 2013.

19.

Security Operations Center. Available on: http://resources.infosecinstitute.com/security-operations-center/. Accessed 27 December 2017.

20.

Insights on governance, risk and compliance. Security Operations Centers — helping you get ahead of cybercrime. EYGM Limited, 2014.

21.

Burnham

What Is Security Intelligence and Why Does It Matter Today?

https://securityintelligence.com/what-is-security-intelligence-and-why-does-it-matter-today/. Accessed 27 December 2017.

22.

Hutchins

E.M.

, Clopperty

M.J.

and Amin

R.M.

, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation, 2013.

23.

Threat Intelligence Platforms. Threat Connect, Inc. 2015, Available on: http://www.informationweek.com/whitepaper/. Accessed 27 December 2017.

24.

Security Intelligence. Prevent fraud. Achieve compliance. Preserve security. https://www.sas.com/en_us/software/fraud-security-intelligence.html. Accessed 27 December 2017.

25.

SOC vs. SIC: The Difference of an Intelligence Driven Defense® Solution. A White Paper Presented by: Lockheed Martin Corporation, 2015.

26.

Miloslavskaya

, SOC- and SIC-Based Information Security Monitoring. In: Rocha

., Correia

, Adeli

, Reis

, Costanzo

(eds) Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing, Vol. 570 pp. 364–374. Springer, Cham.

27.

Ackoff

R.L.

, From data to wisdom, Journal of Applies Systems Analysis16 (1989), 3–9.

28.

IBM Corporation. IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager. 2, Available on: http://www.redbooks.ibm.com/abstracts/sg247530.html?Open. Accessed 27 December 2017.

29.

Miloslavskaya

, Senatorov

, Tolstoy

, Zapechnikov

Information security maintenance issues for big security-related data. In: Proceedings of 2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014)International Symosium on Big Data Research and Innovation (BigR&I-2014), Barcelona, Spain, pp. 361–366.

30.

Hamilton

, The next generation of SIEM can be found in security analytics. Cyber Defense Magazine, March 2014, pp. 41–43.

31.

Network operations center (NOC). Available on: http://searchnetworking.techtarget.com/definition/network-operations-center, Accessed 27 December 2017.

32.

What Is a Network Operations Center (NOC)? Available on: http://www.continuum.net/msp-resources/mspedia/what-is-a-network-operations-center-noc, Accessed 27 December 2017.

33.

PDCA (plan-do-check-act). Available on: http://whatis.techtarget.com/definition/PDCA-plan-do-checkact. Accessed 27 December 2017.