What Is a Security Operations Center (SOC) ?
A SOC is a team primarily composed of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents.
The practice of defense against unauthorized activity within computer networks, including monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.
There are many terms that have been used to reference a team of cybersecurity experts assembled to perform CND.
They include: ‚
- Computer Security Incident Response Team (CSIRT) ‚
- Computer Incident Response Team (CIRT) ‚
- Computer Incident Response Center (or Capability) (CIRC) ‚
- Computer Security Incident Response Center (or Capability) (CSIRC) ‚
- Security Operations Center (SOC) ‚
- Cybersecurity Operations Center (CSOC)
- ‚ Computer Emergency Response Team(CERT)
In order for an organization to be considered a SOC, it must:
- 1. Provide a means for constituents to report suspected cybersecurity incidents
- 2. Provide incident handling assistance to constituents
- 3. Disseminate incident-related information to constituents and external parties.