Build Your Security Operations Program From the Ground Up

Establish security operations with a threat collaboration environment.

Contributors

  • Jason Bevis – Senior Director Orchestration Product Management, Office of the CTO
  • Douglas Andre – Director of Cybersecurity, PenFed Credit Union
  • Seth Shestack – Director of Information Security, Temple University
  • Ron Kirkland – Manager of ICT Security & Customer Service, Crawford & Company
  • David Miller – Chief Executive Officer, Uzado
  • Jim Hosley – Director of IT Security, Urban Outfitters
  • Candy Alexander – CISO, Alexander-Advisory
  • Jason Bareiszis – Incident Response Manager, Tetra Tech
  • Trevor Butler – General Manager of IT, City of Lethbridge
  • Fawad Khan – MS Cyber Security Fusion Center, Financial Services
  • Ryan Breed – CTO, Director of Mayhem, Cascade Failure, Inc.
  • Peter Clay – Principal, Zeneth Tech Partners
  • 3 anonymous contributors

Your Challenge

  • Analysts cannot monitor and track events coming from multiple tools because they have no visibility into the threat environment.
  • Incident management takes time away from problem management because processes are ad hoc, and the continuous monitoring, collection, and analysis of massive volumes of security event data is reactive rather than tactical.
  • Organizations are struggling to defend against and prevent threats while juggling business, compliance, and consumer obligations.

Our Advice

Critical Insight

  • Security operations is no longer a center but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
  • Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization and needs configuration. Prevention, detection, analysis, and response processes must contextualize threat data and supplement one another – true value will only be realized once all four functions operate as a unified process.
  • If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

Impact and Result

  • A centralized security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes that address the increasing sophistication of cyberthreats while guiding continuous improvement.
  • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a security operations program, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

1. Establish your foundation

Determine how to establish the foundation of your security operations.

2. Assess your current state

Assess the maturity of your prevention, detection, analysis, and response processes.

3. Design your target state

Design a target state and improve your governance and policy solutions.

Guided Implementations

This guided implementation is a twenty-five-call advisory process.

Guided Implementation #1 - Assess your current state

Call #1 - Project kick-off call
Call #2 - Assess current people, process, and technology capabilities
Call #3 - Assess prevention and detection capabilities
Call #4 - Assess analysis capabilities
Call #5 - Assess response and collaboration capabilities

Guided Implementation #2 - Design your target state

Call #1 - Assess your security risk profile
Call #2 - Identify optimization tactics and techniques
Call #3 - Map out your ideal target state

Guided Implementation #3 - Develop an implementation roadmap

Call #1 - Design a sourcing strategy
Call #2 - Formalize your implementation roadmap
Call #3 - Design an actionable measurement program

Guided Implementation #4 - Establish your foundation

Call #1 - Kick off the project.
Call #2 - Determine security obligations.
Call #3 - Assess security pressure posture.
Call #4 - Define people, process, and technology requirements.

Guided Implementation #5 - Assess your current state

Call #1 - Assess current planning and direction capabilities.
Call #2 - Assess your prevention and detection capabilities.
Call #3 - Assess your analysis capabilities.
Call #4 - Assess your response and collaboration capabilities.

Guided Implementation #6 - Design your target state

Call #1 - Conduct a capacity analysis of current security operations duties.
Call #2 - Design an optimized state of operations.
Call #3 - Identify your program gaps and map out initiatives to take you to target state.

Guided Implementation #7 - Develop your roadmap

Call #1 - Design a sourcing strategy.
Call #2 - Formalize your implementation roadmap.
Call #3 - Design an actionable measurement program.

Onsite Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Establish Your Foundation

The Purpose

  • Identify security obligations and the security operations program’s pressure posture.
  • Assess current people, process, and technology capabilities.
  • Determine foundational controls and complete system and asset inventory.

Key Benefits Achieved

  • Identified the foundational elements needed for planning before a security operations program can be built

Activities and Outputs

  • 1.1 Define your security obligations and assess your security pressure posture. Output: Customized security pressure posture
  • 1.2 Determine current knowledge and skill gaps. Output: Current knowledge and skills gaps
  • 1.3 Shine a spotlight on services worth monitoring. Output: Log register of essential services
  • 1.4 Assess and document your information system environment. Output: Asset management inventory

Module 2: Assess Current Security Operations Processes

The Purpose

  • Identify the maturity level of existing security operations program processes.

Key Benefits Achieved

  • Current maturity assessment of security operations processes

Activities and Outputs

  • 2.1 Assess the current maturity level of the existing security operations program processes. Output: Current maturity assessment

Module 3: Design a Target State

The Purpose

  • Design your optimized target state.
  • Improve your security operations processes with governance and policy solutions.
  • Identify and prioritize gap initiatives.

Key Benefits Achieved

  • A comprehensive list of initiatives to reach ideal target state
  • Optimized security operations with repeatable and standardized policies

Activities and Outputs

  • 3.1 Complete standardized policy templates. Output: Security operations policies
  • 3.2 Map out your ideal target state. Output: Gap analysis between current and target states
  • 3.3 Identify gap initiatives. Output: List of prioritized initiatives

Module 4: Develop an Implementation Roadmap

The Purpose

  • Formalize project strategy with a project charter.
  • Determine your sourcing strategy for in-house or outsourced security operations processes.
  • Assign responsibilities and complete an implementation roadmap.

Key Benefits Achieved

  • An overarching and documented strategy and vision for your security operations
  • A thorough rationale for in-house or outsourced security operations processes
  • Assigned and documented responsibilities for key projects

Activities and Outputs

  • 4.1 Complete a security operations project charter. Output: Security operations project charter
  • 4.2 Determine in-house vs. outsourcing rationale. Output: In-house vs. outsourcing rationale
  • 4.3 Identify dependencies of your initiatives and prioritize initiatives in phases of implementation. Output: Initiatives organized according to phases of development
  • 4.4 Complete a security operations roadmap. Output: Planned and achievable security operations roadmap