Educause Security Discussion mailing list archives

Re: Security Operations Center Management


From: "AJ (Westcliff)" <aj () WESTCLIFF EDU>
Date: Fri, 19 Feb 2021 15:21:39 -0500

Cynthia,

Does your organization have a formal Security Operations Center? 
Yes, we have used an outsourced 24x7 SOC provider since 2015. They also manage our firewall. 

Is it fully staffed with internal resources? 
No - There was an assessment done recently of the major SOC and CISO providers on the basis of quality/expertise and 
affordability that we reviewed. (I think I can find a copy of that assessment. Please ping me offline if you need it.) 
We have outsourced our SOC to OculusIT. 

Is it fully outsourced? 
Yes to OculusIT. Our internal teams act on the recommended changes that come from the SOC team. OculusIT 24x7 SOC teams 
work as an extension of our internal teams. We meet with them daily. 

Is it co-managed with a service provider? 
No.

-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Christine Whalley
Sent: Friday, February 5, 2021 10:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Operations Center Management

Cynthia,

Does your organization have a formal Security Operations Center? 
     Yes, we have used an outsourced 24x7 SOC provider since 2012.

Is it fully staffed with internal resources? 
      No - we recently partnered with OculusIT to provide our SOC and next gen firewall management services.

Is it fully outsourced? 

      Yes/No - there is a partnership between our outsourced SOC and our internal infrastructure and service desk teams.
      We port designated logs to SIEM managed by the SOC.  Internal team has access to view SOC Dashboard and log data.
      The SOC team monitors the environment and performs threat analysis to identify incidents and/or recommend changes we should make to our environment.
      Recommended changes are assessed by the appropriate internal support team.
      Once approved, changes to the firewall are made by the SOC while changes to servers and other services are made by the appropriate internal support team.

Is it co-managed with a service provider? 
      See explanation above.
      We continue to review for improvement opportunities and refine thresholds for where the SOC can take direct action without intervening College approval.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
