Abstract
The Security Operations Center (SOC) represents the organizational side of an enterprise security strategy: it joins processes, technologies, and people (Madani et al. 2011; Schinagl et al. 2015). It is usually not seen as a single entity or system but rather as a complex structure that manages and improves an organization's overall security posture. In doing so, it creates situational awareness, mitigates the risks the organization is exposed to, and helps to fulfill regulatory requirements (Kelley and Moritz 2006). It integrates, monitors, and analyzes all security-relevant systems and events in an organizational unit. Additionally, it provides governance and compliance as the framework within which people operate and to which processes and technologies are tailored. On the technical side of security operations, SOCs commonly rely on SIEM systems, among other tools, as their central platform.
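As an added illustration of what "integrate, monitor, and analyze" means at the SIEM level, the following example (written for this page; it is not code from the paper or from any SIEM product) normalizes two constructed log sources, sshd syslog lines and JSON lines from a web application, into one event schema and then applies a single correlation rule: several authentication failures from one source address inside a time window followed by a success. The log lines, field names, threshold, and window are assumptions chosen for the example.

```python
"""Minimal SIEM-style pipeline: normalize events from two sources and
correlate them into an alert. Added example, not from the paper; the
log lines, schema, and rule thresholds are constructed for illustration."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: syslog-style sshd lines and JSON lines from a web app.
SSHD_LOG = """\
2024-03-01T10:00:01Z host1 sshd[411]: Failed password for root from 203.0.113.5 port 51000 ssh2
2024-03-01T10:00:04Z host1 sshd[411]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:07Z host1 sshd[411]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-03-01T10:00:09Z host1 sshd[411]: Accepted password for root from 203.0.113.5 port 51006 ssh2
2024-03-01T10:05:00Z host1 sshd[412]: Failed password for alice from 198.51.100.9 port 40000 ssh2
"""
WEBAPP_LOG = """\
{"ts": "2024-03-01T10:00:02Z", "user": "bob", "src": "203.0.113.5", "event": "login_failed"}
{"ts": "2024-03-01T10:30:00Z", "user": "carol", "src": "192.0.2.7", "event": "login_ok"}
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_sshd(text):
    """Map sshd lines onto the common schema: ts, src, user, outcome, source."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # unmatched lines are dropped here; a real SIEM would count them
        events.append({
            "ts": parse_ts(m["ts"]),
            "src": m["src"],
            "user": m["user"],
            "outcome": "failure" if m["result"] == "Failed" else "success",
            "source": "sshd",
        })
    return events


def normalize_webapp(text):
    """Map the web app's JSON events onto the same schema as normalize_sshd."""
    outcome_map = {"login_failed": "failure", "login_ok": "success"}
    events = []
    for line in text.splitlines():
        rec = json.loads(line)
        if rec["event"] not in outcome_map:
            continue
        events.append({
            "ts": parse_ts(rec["ts"]),
            "src": rec["src"],
            "user": rec["user"],
            "outcome": outcome_map[rec["event"]],
            "source": "webapp",
        })
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP has >= threshold failures within `window`
    (counted across all sources) and then a success. Returns alerts in time order."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = []
    for e in events:
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        failures[e["src"]] = recent
        if e["outcome"] == "failure":
            recent.append(e["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "ts": e["ts"],
                "src": e["src"],
                "user": e["user"],
                "failures": len(recent),
                "via": e["source"],
            })
            failures[e["src"]] = []  # one burst yields one alert
    return alerts


def run():
    """Integrate both sources, then analyze them with the correlation rule."""
    events = normalize_sshd(SSHD_LOG) + normalize_webapp(WEBAPP_LOG)
    return correlate(events)


if __name__ == "__main__":
    for a in run():
        print(f"{a['ts'].isoformat()} success after {a['failures']} failures: "
              f"{a['src']} -> {a['user']} via {a['via']}")
```

The point the example makes is that the failure on the web application and the failures on sshd only become one incident once both sources share a schema; each source on its own stays below the threshold. The unmatched-line branch is where a real deployment should count parse failures, since silently dropped events are a common blind spot.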