Infrastructural Challenges and Good Practices in a Security Operation Center

Authors Dimitri Alexandre da Silva, José Luís Costa, João Rafael Almeida




File

OASIcs.SLATE.2024.13.pdf
  • Filesize: 0.6 MB
  • 12 pages


Author Details

Dimitri Alexandre da Silva
  • DETI/IEETA, LASI, University of Aveiro, Portugal
José Luís Costa
  • DETI/IEETA, LASI, University of Aveiro, Portugal
João Rafael Almeida
  • DETI/IEETA, LASI, University of Aveiro, Portugal

Cite As

Dimitri Alexandre da Silva, José Luís Costa, and João Rafael Almeida. Infrastructural Challenges and Good Practices in a Security Operation Center. In 13th Symposium on Languages, Applications and Technologies (SLATE 2024). Open Access Series in Informatics (OASIcs), Volume 120, pp. 13:1-13:12, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/OASIcs.SLATE.2024.13

Abstract

Organizations face several cybersecurity challenges due to the increase in cyber threats, vulnerabilities, insufficient cybersecurity frameworks, and the scarcity of proficient cybersecurity experts. The criticality of mitigating these challenges is underscored by the European Union’s Network and Information Systems (NIS) Directive. This directive is instrumental in fostering a uniformly high level of cybersecurity throughout the EU, mandating that Member States implement robust national cybersecurity strategies and collaborate effectively in responding to cyber incidents. A possible solution is the implementation of a Security Operations Center (SOC). However, SOCs are not a one-size-fits-all solution, and each organization has specific needs depending on its business domain. Implementing a SOC can be complex, but it can be simplified when organizations identify, in the initial stages, the infrastructural challenges that may emerge. In this paper, we analyzed the main considerations that should be taken into account when using the current frameworks reviewed in the literature. We identified the core operating models that are currently in use and being deployed, and the best practices for designing a SOC’s infrastructure.

Subject Classification

ACM Subject Classification
  • Security and privacy → Operating systems security
  • Security and privacy → Intrusion detection systems
  • Security and privacy → Security requirements
  • Security and privacy → Formal security models
Keywords
  • Eduroam
  • Wi-Fi
  • Credential stealing
  • Attack
  • Network
  • Security

