Secure Operations Center Personnel Structure Coursework (Coursework Sample)
The task was to analyze the security structure of a company and propose a suitable security operations center, with budget estimates.
SOC Personnel Structure
A good Security Operations Center (SOC) is normally composed of highly skilled and well-organized personnel whose duty is to continuously monitor and improve the security posture of an organization, ensuring that cyber-attacks are detected, prevented, analyzed, and responded to using the appropriate technology, processes, and procedures put in place (Kelley & Moritz 2006). The success of a SOC strategy requires not only skilled personnel but also the unwavering support of the executive. SOC personnel need to work in a comfortable environment where their visibility is not strained and they can work efficiently.
SOC Personnel Structure
The proposed SOC for SecureIT@HQ will need personnel ready to respond to security incidents. The personnel must be well trained to respond to changing security requirements. Below are the security personnel that will be needed to handle security incidents.
Level One - Security Analysts (4 Personnel)
The duty of security analysts at the first level is to monitor security alerts continuously. They then determine which alerts need immediate attention and decide the order in which they will attend to them. Additionally, they monitor the endpoints and the health of the security sensors and establish the extent of the threats (Nathans 2014). They normally take between three and five minutes to respond, and they have to decide what needs to be done next. Personnel at this level need continuous training on intrusion detection, procedures for alert triage, security information and event management (SIEM), and the use of specific security tools. Moreover, they should hold the necessary security certifications. They prepare the groundwork for the level two personnel.
Level Two - Incident Responders (2 Personnel)
If the level one personnel determine that a threat is serious and needs additional attention, the level two personnel will need to come in not more than five minutes after the incident is detected. They perform a detailed investigation of the reported incident to understand exactly what has happened. They determine whether the incident has impacted a critical data set or system and advise on the necessary remedy (Muniz, McIntyre & AlFardan 2015). In addition, they are tasked with advising on new ways of detecting intrusions and threats. Personnel at this level will be continuously trained on procedures for responding to incidents, host-based forensics, advanced network forensics, malware assessment, and threat intelligence. These personnel need certification in hacker techniques and tools, in-depth intrusion detection, incident handling, and all other necessary security certifications.
Level Three - Hunt/Subject Matter Experts (4 Personnel)
They normally work at the same time as the level two personnel. Their tasks are not related to those of the level one personnel. They have the duty to identify and trace unusual activities and previous threats (Horne 2014). They must have good knowledge of endpoints, networks, forensics, malware reverse engineering, threat intelligence, and how the underlying IT infrastructure works. Their duty is to "hunt" for the unknown and never wait for incidents to escalate. They will be continuously trained on anomaly detection, threat intelligence, and data aggregation. They must hold certifications in intrusion detection, hacker tools and techniques, incident handling and exploits, and malware analysis.
Associate Chief Analyst
The associate chief analyst will report directly to me and the CIA on the security situation at the SOC. The analyst will have the qualifications expected of both a security analyst and a subject matter expert. They will work closely with the personnel at all the levels above to get to know the security situation in detail. The chief analyst will continuously train together with the security analysts and subject matter experts.
The SOC Manager
The SOC manager will be needed to manage resources and provide direction for the SOC. They will be in continuous communication with the executives on how SOC operations are progressing. Additionally, they are responsible for the overall SOC security strategy (Ruefle et al. 2014). They must be adequately trained in incident response management, project management, and people management. They must hold a CISA, CISP, CGEIT or CISM certification.
How SOC Personnel Structure Meets Constraints
The SOC structure proposes a team of four security analysts, two incident responders, four subject matter experts, an associate chief analyst, and a SOC manager. This is a relatively small team that will not make the SOC incur excessive costs in terms of remuneration and certification. The team is expected to be skilled enough that it will not need excessive training. There will be a clear separation of duties, and if any member of the team, for one reason or another, ceases to be part of it, a new recruit with the appropriate skills will be hired as a replacement. The goal is to ensure that the SOC personnel are able to respond effectively to all alerts without being overwhelmed. The personnel should be able to gather threat intelligence and sort it in order of priority for action.
On average, each security analyst will be paid an annual salary of $180,000. The four of them will need a total annual salary of $720,000. The same average applies to the two incident responders; their total will be $360,000. The four subject matter experts are also expected to earn an average annual salary of $180,000 each, translating to an annual total of $720,000. The associate chief analyst is expected to earn an average annual salary of $200,000. The SOC manager is expected to earn an average annual salary of $250,000. The total annual salary for the first year is estimated at $2,250,000.
The personnel selection will be competitive, and only qualified individuals will be selected to ensure that the team is able to start work within two months of coming together. Any member of the security personnel who leaves will be replaced by someone with the same knowledge, and there will be no transfer of duties when a staff member leaves the security team. The personnel will be hired based on their knowledge, and the SOC budget will cover their certification costs. Each staff member is expected to attend one certification course yearly to keep up to date with the changing needs of security. The SOC is to maintain the staff number at 12 at any given moment. The certification costs are estimated at $100,000 per year for all the security personnel.
The total of salary and certification is estimated at $2,350,000. The fixed cost is estimated at $32,250 annually, and the on-costs are estimated at $329,000. The total costs expected to be incurred in the first year are $2,711,250. The first-year underspend is expected to be $888,750.
How the Solution Will Meet SOC Requirements
The SOC will be important for the organization. A good SOC should have detection and prevention capabilities. Prevention capability will give the SOC the ability to stop attacks from happening (Ritchey 2017). The solution will use a "network detection and prevention system" (NIPS). A NIPS is used to prevent attacks from actually succeeding. The SOC will have the ability to inspect the conten...