Educause Security Discussion mailing list archives
Re: Security Operations Center Management
From: Christine Whalley <cwhalley () BARNARD EDU>
Date: Fri, 5 Feb 2021 15:23:23 +0000
Cynthia,

Does your organization have a formal Security Operations Center?
Yes, we have used an outsourced 24x7 SOC provider since 2012.

Is it fully staffed with internal resources?
No - we recently partnered with OculusIT to provide our SOC and next gen firewall management services.

Is it fully outsourced?
Yes/No - there is a partnership between our outsourced SOC and our internal infrastructure and service desk teams. We port designated logs to SIEM managed by the SOC. Internal team has access to view SOC Dashboard and log data. The SOC team monitors the environment and performs threat analysis to identify incidents and/or recommend changes we should make to our environment. Recommended changes are assessed by the appropriate internal support team. Once approved, changes to the firewall are made by the SOC while changes to servers and other services are made by the appropriate internal support team.

Is it co-managed with a service provider?
See explanation above. We continue to review for improvement opportunities and refine thresholds for where the SOC can take direct action without intervening College approval.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Security Operations Center Management Carlton, Cynthia (Jan 25)
- Re: [External] [SECURITY] Security Operations Center Management Kevin Wilcox (Jan 25)
- Re: [External] [SECURITY] Security Operations Center Management Foss, Henry L. (Jan 25)
- Re: Security Operations Center Management Marcelo Lew (Feb 02)
- Re: Security Operations Center Management Koppel, Lorna (Feb 02)
- Re: Security Operations Center Management King, Ronald A. (Feb 03)
- Re: Security Operations Center Management Dennis Bolton (Feb 03)
- Re: Security Operations Center Management Welch, Von (Feb 03)
- Re: Security Operations Center Management Rich Graves (Feb 03)
- <Possible follow-ups>
- Re: Security Operations Center Management Steve Doty (Feb 03)
- Re: Security Operations Center Management Christine Whalley (Feb 05)
- Re: Security Operations Center Management AJ (Westcliff) (Feb 19)
- Re: Security Operations Center Management Perez, Roberto (Mar 10)