
Designing and Building Security Operations Center

1st Edition

Author: David Nathans
Paperback ISBN: 9780128008997
eBook ISBN: 9780128010969
Imprint: Syngress
Published Date: 6th November 2014
Page Count: 276


Do you know what weapons are used to protect against cyber warfare and what tools to use to minimize their impact? How can you gather intelligence that will allow you to configure your system to ward off attacks? Online security and privacy issues are becoming more and more significant every day, with many instances of companies and governments mishandling (or deliberately misusing) personal and financial data.

Organizations need to be committed to defending their own assets and their customers’ information. Designing and Building a Security Operations Center will show you how to develop the organization, infrastructure, and capabilities to protect your company and your customers effectively, efficiently, and discreetly.

Written by a subject expert who has consulted on SOC implementation in both the public and private sector, Designing and Building a Security Operations Center is the go-to blueprint for cyber-defense.

Key Features

  • Explains how to develop and build a Security Operations Center
  • Shows how to gather invaluable intelligence to protect your organization
  • Helps you evaluate the pros and cons behind each decision during the SOC-building process

Readership

Security managers, analysts, engineers; Chief Security Officers, Chief Information Officers, risk officers, IT professionals

Table of Contents

Chapter 1: Efficient operations

  • Abstract
  • Defining an operations center
  • Purpose of the operations center
  • Emergency operations center
  • Mission operations center
  • Threat operations center
  • Network operations center
  • Let us build a SOC!
  • Technology phase
  • Organizational phase
  • Policy phase
  • Operational phase
  • Intelligence phase
  • Plan your SOC
  • Logs
  • Event
  • Alerts
  • False positive
  • True positive
  • False negative
  • True negative
  • Incidents
  • Problems
  • Define your requirements
  • Summary

Chapter 2: Identify your customers

  • Abstract
  • Internal versus external customers
  • Human resources
  • Legal
  • Audit
  • Engineering/R&D
  • IT
  • External customers
  • Customer objectives
  • Service level agreements
  • Build and document your use cases
  • Use case: unauthorized modification of user accounts
  • Stakeholders: compliance and audit departments
  • Use case: disabled user account reactivated
  • Stakeholders: HR and IT
  • Use case: any IDS event that scores over a severity of 7
  • Use case: AV failure
  • Stakeholders: desktop support team, IT server management teams
  • Use case: security device outage
  • Stakeholders: security and IT
  • Use case rule summary
  • Use case: top vulnerabilities detected in the network
  • Stakeholders: security, IT, audit, and management
  • Use case reporting summary
  • Expectations

Chapter 3: Infrastructure

  • Abstract
  • Organizational infrastructure > operations infrastructure > support infrastructure
  • Organizational security infrastructure
  • Perimeter defenses
  • Network defense
  • Host defenses
  • Application defenses
  • Data defense
  • Policies and procedures
  • Security architecture
  • SIEM/log management
  • Operation center infrastructure
  • Building the ticket system
  • Subject
  • Parsed values from events
  • Time ticket created
  • User\group\queue
  • Source (SIEM, email, phone)
  • Category
  • Status
  • Reason codes
  • Acknowledgment/ticket feedback
  • Workflow and automation
  • Portal interface
  • Mobile devices
  • Support infrastructure
  • Physical
  • Private SOC network
  • Video walls
  • Video projectors
  • Labs

Chapter 4: Organizational structure

  • Abstract
  • Different reporting lines
  • Legal
  • CISO
  • CIO
  • Compliance
  • SOC organization
  • Engineering
  • Security architecture
  • Security monitoring and analysis
  • Responsibility
  • Authority
  • Fulfilling needs

Chapter 5: Your most valuable resource is your people

  • Abstract
  • Operational security
  • Culture
  • Personality
  • Core skill sets
  • Analysts
  • Security analyst—job description
  • Security engineering
  • Security operations engineer—job description
  • Security architect
  • Security architect—job description
  • SOC team lead
  • SOC team lead—job description
  • SOC management
  • SOC manager—job description
  • SOC games
  • Special projects
  • Do not forget your people

Chapter 6: Daily operations

  • Abstract
  • Problem and change event communications
  • Shift turn overs
  • Daily operations calls
  • Critical bridges
  • IR
  • Detection
  • Confirmation
  • Analysis
  • Containment
  • Recovery
  • Review
  • Communication plan
  • Regular workshops
  • Checklists
  • Shift schedules
  • Types of shift schedules
  • Other shift options
  • Follow the sun
  • Shift rotation
  • Dealing with absenteeism

Chapter 7: Training

  • Abstract
  • Internal functional training
  • Internal skill set training
  • Summary

Chapter 8: Metrics

  • Abstract
  • Heads up display
  • Supervisor metrics
  • Vulnerabilities
  • Vulnerability prioritizing
  • Base CVSS2 threshold
  • Temporal CVSS2 threshold
  • Asset prioritizing as a part of metrics
  • Historical monitoring of patches

Chapter 9: Intelligence

  • Abstract
  • Know thyself
  • Known IP space, know thy enemy
  • Blacklists
  • Black listing projects
  • Other types of lists
  • Organizations and industry partners
  • Proactive activity monitoring

Chapter 10: Outsourcing

  • Abstract
  • Types of MSSPs
  • Advantages of MSSP outsourcing
  • Disadvantages to MSSP outsourcing
  • How the services will be delivered
  • Summary

Chapter 11: Do not forget why you are here

  • Abstract


© Syngress 2015

About the Author

David Nathans

David Nathans is a highly sought-after consultant on building enterprise security programs and Security Operations Centers, and a speaker on cyber security for conferences, interest groups, and corporate events. As a former CISO for a large US and Italian defense contractor, as well as the former Global Security Operations Center manager for one of the largest Managed Security Services Providers in the world, he has a wealth of security operations knowledge that he now shares. His experiences and lessons learned also stem from his time building security programs at one of the largest breached retail companies in history, as well as from working all over the world as a cyber-operations officer for the U.S. Air Force. He has also written, and continues to write, articles for SC Magazine.

Affiliations and Expertise

SC Magazine, consultant


"...a highly recommended reference for security managers and security practitioners who want to develop the capability to efficiently protect a company and its customers, or simply improve security incident management." --Computing Reviews

"A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort.", January 2015
