Heed 5 security operations center best practices before outsourcing>
Tech Target – Security – Johna Till Johnson
Research showed highly successful cybersecurity organizations, as measured by mean total time to contain, are 52% more likely to have deployed an SOC than their less successful peers. In fact, merely deploying a SOC can improve an organization’s mean time to contain a breach by almost half. But, as always, the devil is in the details in terms of assessing security operations center best practices: Should cybersecurity pros outsource the SOC function or develop one in-house. And, if they outsource, what should the selection criteria be? First is the operational model: Is the SOC provider primarily focused on event notification, or does it work in a team extension mode and proactively take steps to respond to events? Second is the SOC run book itself. Regardless of who executes it — the internal team or the SOC provider — how is the run book developed. Does the SOC provider have a standardized run book that can be customized to each client, or should the client plan to develop it? The third step to ensure security operations center best practices is to examine the portfolio of services the SOC provider offers. Fourth is the set of tools and technologies the SOC provider relies on. Finally, as counterintuitive as it sounds, there’s the question of how the relationship will be terminated.
Link: https://searchsecurity.techtarget.com/tip/Heed-5-security-operations-center-best-practices-before-outsourcing