August 31, 2016

Security Operations (SecOps)



For starters, let’s discuss what Security Operations (a.k.a. SecOps) is. SecOps is a combination of the IT Security Team and the IT Operations Team. When SecOps is done properly, the conflict between the Security team finding vulnerabilities and the Operations team never getting around to implementing the remediation steps goes away. The SecOps team finds and remediates vulnerabilities; there are no hand-off issues because the SecOps team owns the problem and the solution.

If you are building a SecOps team from scratch or you have an existing team, you can improve your security posture by implementing a Cyber Security Framework (CSF). There are a few to choose from, like NIST (below), the SANS CIS implementation of controls for NIST, and COBIT. Make no mistake, fully implementing a framework will take some time; the framework is huge. However, the payoffs for doing so will become obvious the first time that you thwart a major breach or attack.

NIST Cyber Security Framework

These topics are based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Known NIST Special Publications for Computer Security (SP-800’s):