401 Class 12: Log Analysis with Splunk - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading

What is a SOC?

SOC stands for Security Operations Center. It is a hub where security professionals work to monitor and secure a company's digital assets and respond to cyber threats.

What are three tasks which SOCs often perform?

  1. Monitor activity, specifically for incidents.
  2. Detect and analyze that activity.
  3. Respond to cybersecurity threats, including putting their own systems to the test by trying to penetrate the defenses they have put up.

Explain what a SIEM solution is and how the SOC utilizes it in non-technical terms.

SIEM stands for Security Information and Event Management. It offers the ability to see everything going on in your network, a lot like the map Harry Potter was given of the whole Hogwarts School, where he could see everyone and where they were headed.

How does the typical SOC team structure resemble the structure of an IT Help Desk?

The SOC team structure has a hierarchy for escalating a situation, just like an IT Help Desk. Both start with identifying the situation and go deeper as it is escalated further.

Everything is documented in an organized fashion, so the next level can clearly see what the situation is and how to fix it, and then how to implement better security after the incident is handled so it doesn't happen again.