Need help with a question
Due 8/26
The security operations center (SOC) provides the foundation for a security operations program. The SOC brings together various isolated monitoring and response functions into a unified framework. The SOC is defined by the coordinated efforts of personnel, processes, and technology for identifying information security events and providing timely response and remediation.
Security information and event management (SIEM) is the primary tool used to support the security operations program in large enterprises. Organizations with the resources to support this type of tool can manage the SIEM as an activity within the SOC.
Part A: SOC Implementation Plan Presentation
Create a 12- to 14-slide, media-rich Microsoft® PowerPoint® presentation that documents the SOC implementation plan for the health care organization ’s senior leadership. The plan will also include the following requirements for implementing the SIEM portion of the SOC:
· Definition and purpose of an SOC and an SIEM (1 slide)
· Benefits of an integrated SOC and SIEM (1 slide)
· Diagram of the SOC organization illustrating each of the following 4 sections (1 slide):
· SOC Management
· Security Event & Incident Monitoring
· Event Analysis and Reporting
· Post-Incident Analysis
· Detailed information for the 4 sections listed above (8 to 10 slides); include the following for each:
· Description
· High-level functions and responsibilities
· Hardware and software required
· Resources required, including personnel for a 24/7 schedule, and security certificates required for each security position
· Recommended schedule for implementing all sections of the SOC (1 slide)
Note: Media-rich presentations in PowerPoint® should include such things as voiceover narration, graphics, pictures, video clips, or audio.
Part B: SIEM Maintenance Plan
A significant portion of SIEM is proper management of the hardware and software supporting SIEM processes and tasks.
Create a 3- to 4-page SIEM maintenance plan in Microsoft® Word that documents the processes for the maintenance task areas listed below. For each task or process include the following:
· Bulleted description
· Frequency in which the process must be competed
· SOC personnel required to complete the process (as defined in Part A)
Maintenance Task Areas:
· Process for patching operating systems for SIEM servers
· Servers are Windows Server® 2012
· Process for patching SIEM applications
· Tools that are available on the market for supporting security information and event management (SIEM) operations Process for archiving SIEM data for offline storage
· Assume 2 TBytes of data per month
· Estimate storage size required
· Estimate retention time
