Information Security Operations Center


An information security operations center (SOC) is a place where a company's information systems (applications, web sites, data centers and servers, databases, desktops, networks and other endpoints) are assessed, defended, and monitored.

An information security operations center comprises the processes, technologies and people involved in delivering situational awareness through the containment, detection, and remediation of information technology threats. It handles events for the company, making sure that they are correctly analyzed, identified, actioned/defended, communicated, reported and investigated. The information security operations center also monitors applications to identify a potential cyber-attack or intrusion (event) and determine whether it is a genuine, malicious threat and whether it could have an impact on the business.

An information security operations center is usually built around a SIEM (security information and event management) system, which aggregates and correlates data from security feeds such as vulnerability assessment and network discovery systems; GRC (governance, risk and compliance) systems; web site assessment and monitoring systems; penetration testing tools; application and database scanners; intrusion detection systems (IDS); log management systems; intrusion prevention systems (IPS); wireless intrusion prevention systems; network behavior analysis and denial of service monitoring; and enterprise antivirus, firewalls and unified threat management (UTM). The security information and event management technology provides a "single pane of glass" through which security analysts monitor the company.
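The aggregation and correlation step described above, as an added example that is not part of the original page: IDS alerts are enriched with vulnerability assessment findings and firewall decisions to produce a prioritized queue. All records, field names, the VULN-A/VULN-B placeholders and the priority labels are constructed assumptions, not the schema of any particular SIEM product.

```python
from collections import defaultdict

# Constructed sample records, one list per feed; field names are assumptions.
IDS_ALERTS = [
    {"src": "198.51.100.7", "dst": "10.0.0.5", "port": 443, "vuln_id": "VULN-A"},
    {"src": "198.51.100.7", "dst": "10.0.0.6", "port": 443, "vuln_id": "VULN-A"},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "port": 22, "vuln_id": "VULN-B"},
]
VULN_FINDINGS = [  # vulnerability assessment output: open findings per host
    {"host": "10.0.0.5", "vuln_id": "VULN-A"},
    {"host": "10.0.0.6", "vuln_id": "VULN-B"},
]
FIREWALL_LOG = [
    {"src": "198.51.100.7", "dst": "10.0.0.5", "port": 443, "action": "allow"},
    {"src": "198.51.100.7", "dst": "10.0.0.6", "port": 443, "action": "allow"},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "port": 22, "action": "deny"},
]

def correlate(ids_alerts, vuln_findings, firewall_log):
    """Return one prioritized case per IDS alert, enriched from the other feeds."""
    vulns = defaultdict(set)
    for f in vuln_findings:
        vulns[f["host"]].add(f["vuln_id"])
    # Last firewall decision seen for each (src, dst, port) flow.
    verdicts = {(e["src"], e["dst"], e["port"]): e["action"] for e in firewall_log}

    cases = []
    for a in ids_alerts:
        exposed = a["vuln_id"] in vulns[a["dst"]]
        action = verdicts.get((a["src"], a["dst"], a["port"]), "unknown")
        if action == "deny":
            priority = "low"        # traffic never reached the host
        elif exposed:
            priority = "critical"   # reached a host with the matching finding
        else:
            priority = "medium"     # reached a host with no matching finding
        cases.append({**a, "exposed": exposed, "firewall": action, "priority": priority})
    order = {"critical": 0, "medium": 1, "low": 2}
    return sorted(cases, key=lambda c: order[c["priority"]])

if __name__ == "__main__":
    for case in correlate(IDS_ALERTS, VULN_FINDINGS, FIREWALL_LOG):
        print(case["priority"], case["dst"], case["vuln_id"], case["firewall"])
```

Three alerts that look alike in the IDS feed alone end up at three different priorities once the other two feeds are joined in, which is the practical value of the single view.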
