Grasp on next generation security operation centre (NGSOC): Comparative study

Document Type : Research Paper

Authors

1 Faculty of Computing, College of Computing and Applied Sciences, Universiti Malaysia Pahang, 26600 Pekan, Pahang, Malaysia & Sysarmy Sdn Bhd, Wisma Zelan, No 12, 1, Jalan Tasik Permaisuri 2, Bandar Tun Razak, 56000 Kuala Lumpur

2 Faculty of Computing, College of Computing and Applied Sciences, Universiti Malaysia Pahang, 26600 Pekan, Pahang, Malaysia

3 School of Computing, UUM College Arts Sciences, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah Darul Aman, Malaysia

4 Faculty of Computing, College of Computing and Applied Sciences, Universiti Malaysia Pahang, 26600 Pekan, Pahang Darul Makmur

Abstract

With the growing number of cyber security threats affecting the business environment of many organizations, and especially their IT environment, managed protection systems, including the Security Operation Centre (SOC), are highly sought after. The problem with SOC is that, when building up their own SOC or hiring a third party to provide one, organizations are not able to apply adequate criteria or standard frameworks. The aim of this study is to lay the foundations for developing a modern next generation security operation centre (NGSOC) for the Industrial IoT (IIoT) environment. This paper contains a thorough, qualitative literature survey on the implementation of a Security Operation Centre (SOC). A comparative study is carried out using a variety of previous research sources and a literature review. The findings show that previous research is not adequately guided, especially in the security and technical aspects of the building blocks of the SOC. It is hoped that by proposing the framework, cybersecurity threat prevention and identification will be strengthened even further. The success of the NGSOC will ultimately be determined by the integration of people, process, and technology.

Keywords

Volume 12, Issue 2
November 2021
Pages 869-895
  • Receive Date: 13 February 2021
  • Revise Date: 30 March 2021
  • Accept Date: 20 April 2021