Read 12 - Bmjohnson87/401 GitHub Wiki

What are three tasks which SOCs often perform?

-The three task are Threat Detection and Monitoring, Incident Response and Management, and Compliance and Audit.

Explain what a SIEM solution is and how the SOC utilizes it in non-technical terms.

• A SIEM solution is an essential tool for a company's digital security, acting as both an early warning system and a comprehensive information source, helping the SOC keep the company's digital environment safe and secure.

How does the typical SOC team structure resemble the structure of an IT Help Desk.

• SOC: Tiers are based on the level of expertise required to handle security incidents. Lower tiers handle basic security alerts, while higher tiers deal with more complex security issues and incident response. IT Help Desk: Tiers are based on the complexity of IT issues. Basic troubleshooting is handled by lower tiers, with more complex IT problems escalated to higher tiers.

• Resources: https://www.splunk.com/en_us/blog/learn/soc-security-operation-center.html?301=/en_us/data-insider/what-is-a-security-operations-center.html