Building a Security Operation Center for a Financial Organization

In recent times, many industries have faced increased cyber-attacks; financial organizations, however, are targeted because of what they hold: personally identifiable information, funds, and much more. As the saying goes, follow the money; the money is key.
In this journal, I will explain why, when, and how any financial organization should consider a Security Operation Center.
In May 2016, I was asked by the Chief Information Security Officer of a growing commercial bank, ‘Do I need a SOC?’ He wanted to know because a lot of his contemporaries were building SOCs, and it was seen as unserious if you did not do the project the industry was doing.
My response was that a SOC is not a collection of low- or high-definition screens showing several dashboards of your tools. Your SOC must be a proactive and strategic function that helps your organization detect, respond to, and mitigate security threats and incidents. It is an essential component of a comprehensive cybersecurity strategy in an increasingly complex and hostile digital landscape.
The environment matters to a good SOC program, but there are more important factors. That is why I wrote this journal after our discussion.

Why do you need a SOC?
The following are the summarized use cases of a SOC:
- To detect anomalies within and outside the organization.
- To protect the organization from attacks and breaches, and to prevent them where possible.
- To respond adequately in order to fight or stop any possible attack.
- To mitigate real-time threats and conduct a thorough risk assessment.
- To recover the company's assets after post-incident analysis and documentation.
- To comply with industry standards and regulations.
- To learn and build intelligence for the future.
Having a SOC helps every organization to be proactive and strategic. It helps build maturity into the system. The SOC manager and analysts are primed to perform, as they are the soldiers or, as a friend called them, the gatekeepers.
However, what is a SOC without Intelligence?
Intelligence from external or internal sources is key to a mature SOC. Human intelligence and scripted feeds are both key to mitigating everyday threats. Many organizations subscribe to such feeds monthly; however, the intelligence of people is also key. Organizations need to train and retrain to achieve a stronger, more mature program.
When do you need a SOC?
The decision to build a SOC is usually based on the industry, the organization's specific needs, its risk factors and its capabilities. These priorities are driven by what the organization wants to achieve and by its overall information security strategy.
Five key things to consider when building a SOC
- Size and strategy of the organization
- Risk profile: depends on the exposure of the organization
- Industry and regulatory compliance
- Business growth
- Incident frequency and increasing cyber threats
The factors above are summarized indicators of when an organization needs a SOC. I do believe that, depending on the industry, the list could be more robust. However, for a financial organization, these 5 indicators cover the path.
How should a SOC be built?
Building a SOC is an ongoing process; it is a lifelong journey that requires constant change and growth. Below is a step-by-step guide to building a SOC.
- Define objectives and scope
- Allocate resources
- Establish leadership
- Assemble a skilled team
- Select a location
- Define processes and procedures
- Select security tools and technologies
- Develop an incident response plan
- Develop reporting, training, and skill development
- Develop a communication plan

A SOC comprises people, technology, and process. The journey to merge these key pillars will determine whether a dedicated SOC is needed.
A Security Operation Center can be dedicated, managed, or outsourced. In terms of location, it can also be on-premises or remote.

3 main types of SOCs
- In-house SOC: the technology, tools, and teams are all in-house.
- Cloud SOC: the technology, tools, and team operate in the cloud; however, the team members are staff of the organization.
- Hybrid SOC: a merge of both in-house and cloud.
It is important to mention the managed SOC, where services are controlled or operated by an external team.
A managed SOC could operate in an in-house, cloud, or hybrid model.
By Adeyemi Adeleke