Security icon

Develop Foundational Security Operations Processes

Transition from a security operations center to a threat collaboration environment.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

View Storyboard

Solution Set Storyboard thumbnail

Contributors

  • Jason Bevis – Senior Director Orchestration Product Management, Office of the CTO
  • Douglas Andre – Director of Cybersecurity, PenFed Credit Union
  • Seth Shestack – Director of Information Security, Temple University
  • Ron Kirkland – Manager of ICT Security & Customer Service, Crawford & Company
  • David Miller – Chief Executive Officer, Uzado
  • Jim Hosley – Director of IT Security, Urban Outfitters
  • Candy Alexander – CISO, Alexander-Advisory
  • Jason Bareiszis – Incident Response Manager, Tetra Tech
  • Trevor Butler – General Manager of IT, City of Lethbridge
  • Fawad Khan – MS Cyber Security Fusion Center, Financial Services
  • Ryan Breed – CTO, Director of Mayhem, Cascade Failure, Inc.
  • Peter Clay – Principal, Zeneth Tech Partners
  • 3 anonymous contributors

Your Challenge

  • Organizations have limited visibility into their threat landscape, which makes them vulnerable to the latest attacks. That vulnerability hinders business practices, workflow, revenue generation, and damages an organization’s public image.
  • Organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
  • There is limited communication between security functions due to a centralized security operations organizational structure.
  • Threat management has become resource-intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.

Our Advice

Critical Insight

  1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
  2. Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization. Prevention, detection, analysis, and response processes must contextualize threat data to supplement one another – true value will only be realized once all four functions operate as a unified process.
  3. If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

Impact and Result

  • Optimized prevention, detection, analysis, and response efforts through leveraging next-generation techniques including use cases, automation, advanced threat hunting, netflow analysis, visualization & dashboarding, rule & incident management flow, web portals, and onboarding & data management.
  • A collaborative environment that unites people, processes, and technology.
  • Identified security operations gaps and prioritized implementation efforts accordingly.
  • Enhanced communication through a central knowledge portal, defined threat escalation procedures, and a comprehensive ticketing function.
  • A tailored sourcing strategy that caters to your unique organizational DNA.
  • An actionable, operational, and strategic measurement program.
  • An intelligence-driven security operations program.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should enhance your security operations program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Guided Implementations

This guided implementation is an eleven call advisory process.

Guided Implementation #1 - Assess your current state

Call #1 - Project kick-off call
Call #2 - Assess current people, process, and technology capabilities
Call #3 - Assess prevention and detection capabilities
Call #4 - Assess analysis capabilities
Call #5 - Assess response and collaboration capabilities

Guided Implementation #2 - Design your target state

Call #1 - Assess your security risk profile
Call #2 - Identify optimization tactics and techniques
Call #3 - Map out your ideal target state

Guided Implementation #3 - Develop an implementation roadmap

Call #1 - Design a sourcing strategy
Call #2 - Formalize your implementation roadmap
Call #3 - Design an actionable measurement program

Onsite Workshop

Discuss This Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Your Current State

The Purpose

  • Determine current capabilities, operational inefficiencies, and opportunities for improvement.

Key Benefits Achieved

  • Understand the differences between a traditional and next-generation security operations program.
  • Assess and mature current prevention, detection, analysis, and response capabilities.
  • Optimize your security operations through the adoption of next-generation processes.
  • Isolate operational problem areas and consolidate people, processes, and technology.

Activities

Outputs

1.1

Understand the benefits of refining your security operations program.

1.2

Gauge your prevention capabilities.

1.3

Gauge your detection capabilities.

1.4

Gauge your analysis capabilities.

1.5

Gauge your response capabilities.

  • Security Operations Maturity Assessment Tool
  • Security Operations Event Prioritization Tool
  • Security Operations Workbook
1.6

Develop a comprehensive collaboration program.

Module 2: Design Your Target State

The Purpose

  • Begin developing and prioritizing gap initiatives in order to achieve the optimal state of operations.

Key Benefits Achieved

  • Support your decision to optimize security operations.
  • Identify planning gaps specific to your organization’s unique threat landscape.
  • Formalize the implementation process with an official policy and guide.

Activities

Outputs

2.1

Assess your security pressure posture.

  • Security Pressure Posture Analysis Tool
2.2

Optimize your security operations processes.

  • Security Operations Efficiency Calculator
  • Security Operations Policies
2.3

Design your ideal target state.

  • Security Operations Maturity Assessment Tool
2.4

Prioritize gap initiatives.

Module 3: Develop an Implementation Roadmap

The Purpose

  • Formalize the initiative.
  • Determine the appropriate sourcing strategy.
  • Develop a comprehensive and actionable measurement program.

Key Benefits Achieved

  • Identify the appropriate sourcing strategy and subsequent SLAs.
  • Formalize the implementation process with an official and prioritized roadmap.
  • Measure the success of your security operations with relevant, actionable, and timely metrics.

Activities

Outputs

3.1

Establish your case to management.

  • Security Operations Project Charter
3.2

Develop an appropriate sourcing strategy.

  • In-House vs. Outsourcing Decision-Making Tool
  • Security Operations MSSP RFP Template
3.3

Assign roles and responsibilities to your implementation roadmap.

  • Security Operations RACI Tool
3.4

Develop a comprehensive measurement program.

  • Security Operations Metrics Summary Document
  • Security Operations TCO & ROI Comparison Calculator