Frequently Asked Questions about Cybersecurity Operations
In this video, John Hubbard answers some of the most commonly asked questions about setting up and running security operations centers including team building and SOC tiers, important technology and data, and priorities to focus on to defend against modern advanced attackers.
For more information and resources on the SOC: https://www.sans.org/u/1ndt
Check out our SOC Training Courses:
SEC450 Blue Team Fundamentals: Security Operations and Analysis - https://www.sans.org/u/1ndy
SEC511 Continuous Monitoring and Security Operations - https://www.sans.org/u/1ndD
MGT551 Building and Leading Security Operations Centers - https://www.sans.org/u/1ndI
00:00-01:20 What roles and actions are associated with the SOC?
01:21-03:36 What security operations training courses does SANS offer?
03:37-05:46 What type of resources do Blue Teamers need to effectively safeguard their organizations?
05:47-06:55 How do we define the SOC?
06:56-08:40 Can the SOC be remote?
08:41-12:10 What are the different functions of a SOC?
12:11-14:34 Do all security roles have a place within the SOC?
14:35-17:21 What are the responsibilities of a SOC manager?
17:22-19:14 How can security professionals gain experience with the variety of tools necessary to be a SOC analyst?
19:15-20:24 How important is data collection to a well-functioning SOC?
20:25-22:12 How big a factor is automation when we’re talking about SOC functions?
22:13-24:19 How do you decide which data to collect and which event categories to record?
24:20-26:09 What is the impact of cloud technologies on SOC functions?
26:10-27:45 Are there other trends that are having a significant impact on the SOC?
27:46-29:59 How important are metrics in the SOC?
#SOC #securityoperations #securityoperationscenters