Questions tagged [soc]

A SOC is a security operations centre: a centralised facility in an organisation for monitoring the organisation's security posture and for escalating or dealing with any security problems that arise.

28 questions
41 votes, 3 answers

What is the meaning of Triage in Cybersec world?

I searched Google about this term, but the definitions that I found were related to the medical world, and nothing related to IT. I think that it is some kind of procedure for documenting something, maybe? Note that I heard this word for the first time in…
victor26567
8 votes, 2 answers

Setting up own enterprise SOC

The other day I was talking with a service provider (MSSP) who has experience with operating a SOC (security operations centre) 24x7. Their price was rather steep (in the millions range). I don't understand why it would be so steep. My impression of a…
dorothy
7 votes, 1 answer

Security Operation Center (SOC)

I am looking for resources and details on establishing a security operation center (SOC) or network operation center (NOC) based on ITIL or any other applicable regulations. Where can I find good details or experiences of others except for hiring…
Yasser Sobhdel
6 votes, 4 answers

What is the difference between a SIEM and a SOC?

What is the difference between a SIEM (Security Information and Event Management) and a SOC (Security Operations Centre)? Do they work together? And if they are independent, when should one use which?
whatever489
6 votes, 1 answer

Is there a certification AICPA grants to qualified auditors?

We are in the process of hiring an auditor in order to become SOC 2 compliant and would like to know if there's some kind of official auditor listing available, or at least a certification or AICPA endorsement we should be looking for.
rebagliatte
5 votes, 2 answers

Incident Responders: Can you give some examples of Incidents / types of incidents that are suitable for fully or partly automated response?

You set up security monitoring - either a full commercial SIEM/SOC or something home-cooked (e.g., rsyslog -> OSSIM / MozDef / Splunk / ...). You also set up some rules so that some event triage is done - and you only get alerts for potential…
Sas3
4 votes, 1 answer

Steps to become SOC 2 compliant?

Are there any specific steps one must follow to achieve SOC 2 compliance? Or should one just get a checklist from a specialized auditor? Some context: We are a small company and need to become SOC 2 compliant in order to integrate with a partner's…
rebagliatte
3 votes, 1 answer

How many people are required to build your own 24x7 security operations center (SOC)? Rough costs?

I have received this question from a few clients, but I have 0 experience building a 24x7 SOC.
Tate Hansen
3 votes, 4 answers

SOC and generic log parsing

I am making a conceptual work-flow of a SOC, so suppose that a SIEM solution is integrated inside an organization's in-house SOC, and that the SOC team is the one managing the SIEM solution. My question is, when we face a log format…
Hilo21
2 votes, 1 answer

What is the difference between a SOC and a CSIRT?

So, from a summary of what I have found on the internet, a SOC collects information and the CSIRT makes conclusions based on that info. However, from what I see in labs/challenges websites like BlueTeam Labs Online, those lines aren't that defined…
2 votes, 0 answers

Hardware Secure Element

After checking multiple suppliers and reading about HW secure elements, I would like to understand the use of this type of electronic component. Maybe I'm wrong, but it seems a HW secure element provides a Root of Trust for certain data. This is,…
LazyTurtle
2 votes, 2 answers

How should we mitigate threats that keep coming into our security monitoring system?

We have continuous cybersecurity threat feeds that come into our SOC on a daily basis from different sources that provide all the new CVEs, new malware variations and more. We just don't know how to handle these alerts in the right way and not only…
Filipon
2 votes, 1 answer

SOP for SQL Injection Attack

What should an Incident Handler do, or what should they follow, when an SQL injection attack is reported? Initial Response / Analysis / Action. I am aiming to make a procedure guide to follow for myself and my team. Brief or detailed, anything would help.
suspect01
1 vote, 0 answers

Anatomy of a Cyber exercise and SOC

What exactly does an incident response exercise (like a Red/Tiger team exercise) entail? How does it add value to a security operations center? Is there any good resource I can read up on how to set up a 24x7 security operations center (SOC)? I am also…
dorothy
1 vote, 1 answer

What are the (two?) definitions of SOC?

On one hand "Security Operations Centre", but SOC is seemingly also used in the reporting and certification domain; where does this come from? Are there other definitions of SOC in Information Security Compliance Certification, or do these…