Re: Security Operations Center Management

[Rich Graves <rcgraves () GMAIL COM>]

Insourced versus outsourced are not mutually exclusive. The design pattern we followed with OmniSOC was that local 
experts tend to be best at, surprise surprise, situations requiring local knowledge. A third party such as OmniSOC or 
Cyber posse or whoever owns SecureWorks nowadays can provide both “air cover” and a steady cadence regardless of your 
academic calendar and local emergencies. Obviously one who prefer to only have to pay for one SOC, but for best 
results… https://amp.knowyourmeme.com/memes/why-not-both-why-dont-we-have-both

> On Feb 3, 2021, at 3:33 PM, Welch, Von <vwelch () iu edu> wrote:
>
> 
> Cynthia,
>  
> At IU we collaborate with a number of other schools on the OmniSOC: https://omnisoc.iu.edu
>  
> So the literal answer to your questions are below, but those don’t capture the full picture.
>  
> a.       Is it fully staffed with internal resources? YES
> b.       Is it fully outsourced? NO
> c.       Is it co-managed with a service provider? We work very closely with Elastic, but manage the infrastructure 
> ourselves.
>  
> HTH,
>  
> Von
>  
>  
> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Carlton, 
> Cynthia <cynthia.carlton () ROCHESTER EDU>
> Date: Monday, January 25, 2021 at 5:47 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
> Subject: [External] [SECURITY] Security Operations Center Management
>
> This message was sent from a non-IU address. Please exercise caution when clicking links or opening attachments from 
> external sources.
>  
> Good afternoon
>  
> I’m working on doing a quick benchmarking survey on behalf of our CISO regarding SOC’s. I did find a previous posting 
> regarding an annual SOC survey and am reviewing that dataset and report. However, we would like to try and benchmark 
> as many Higher Ed and Academic Medical Centers as possible.  I will be happy to share the results of what I collect 
> if there is expressed interest. Please feel free to respond to me directly  - Cynthia.carlton () rochester edu. Thank 
> you in advance for your feedback!
>  
> Does your organization have a formal Security Operations Center?
> a.       Is it fully staffed with internal resources?
> b.       Is it fully outsourced?
> c.       Is it co-managed with a service provider?
> 2)      If you do not have a Security Operations Center is it on your roadmap
> a.       Are you planning to fully staffed with internal resources?
> b.       Are you planning to fully outsourced?
> c.       Are you planning to co-managed with a service provider?
>  
> The specific data we have been asked to report on was -  how many other Academic Medical Centers and Universities 
> have deployed a SOC and are they are doing it all in house or do they outsource some or all of it?
>  
>  
> Cynthia Carlton
> Information Architect
> University of Rochester
> Desk:   585-275-1068
> Email:  cynthia.carlton () rochester edu
>  
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
> person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
> and subscription information can be found at https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
> person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
> and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community