Christopher Rodman, Breanna Kraus, Justin Novak (SEI/CERT)

Organizations come in all shapes and sizes, serve myriad purposes, and exist in different security environments. But they all have one thing in common: they need security operations. How should an organization determine which services and functions its Security Operations Center (SOC) should provide? This paper identifies five factors that influence an organization’s SOC service priorities. It then describes a workflow that complements standard security frameworks to efficiently determine and prioritize the services that a SOC should perform for an organization. The services that the SOC offers should complement the organization’s overall cybersecurity program and align with higher level cybersecurity assessment frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework. The workflow is repeatable and can be used regularly to evaluate whether SOC services continue to align with an organization’s priorities in a changing world. This work will interest those responsible for the design, coordination, and implementation of security operations teams in organizations of any size.

View More Papers

ORL-AUDITOR: Dataset Auditing in Offline Deep Reinforcement Learning

Linkang Du (Zhejiang University), Min Chen (CISPA Helmholtz Center for Information Security), Mingyang Sun (Zhejiang University), Shouling Ji (Zhejiang University), Peng Cheng (Zhejiang University), Jiming Chen (Zhejiang University), Zhikun Zhang (CISPA Helmholtz Center for Information Security and Stanford University)

Read More

Low-Quality Training Data Only? A Robust Framework for Detecting...

Yuqi Qing (Tsinghua University), Qilei Yin (Zhongguancun Laboratory), Xinhao Deng (Tsinghua University), Yihao Chen (Tsinghua University), Zhuotao Liu (Tsinghua University), Kun Sun (George Mason University), Ke Xu (Tsinghua University), Jia Zhang (Tsinghua University), Qi Li (Tsinghua University)

Read More

Strengthening Privacy in Robust Federated Learning through Secure Aggregation

Tianyue Chu, Devriş İşler (IMDEA Networks Institute & Universidad Carlos III de Madrid), Nikolaos Laoutaris (IMDEA Networks Institute)

Read More

5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service

Haohuang Wen (The Ohio State University), Phillip Porras (SRI International), Vinod Yegneswaran (SRI International), Ashish Gehani (SRI International), Zhiqiang Lin (The Ohio State University)

Read More