Educause Security Discussion mailing list archives

Re: Security Operations Center Management


From: Christine Whalley <cwhalley () BARNARD EDU>
Date: Fri, 5 Feb 2021 15:23:23 +0000

Cynthia,

Does your organization have a formal Security Operations Center? 
     Yes, we have used an outsourced 24x7 SOC provider since 2012.

Is it fully staffed with internal resources? 
      No - we recently partnered with OculusIT to provide our SOC and next gen firewall management services.

Is it fully outsourced? 

      Yes/No - there is a partnership between our outsourced SOC and our internal infrastructure and service desk teams.
      We port designated logs to SIEM managed by the SOC.  Internal team has access to view SOC Dashboard and log data.
      The SOC team monitors the environment and performs threat analysis to identify incidents and/or recommend changes we should make to our environment.
      Recommended changes are assessed by the appropriate internal support team.
      Once approved, changes to the firewall are made by the SOC while changes to servers and other services are made by the appropriate internal support team.

Is it co-managed with a service provider? 
      See explanation above.
      We continue to review for improvement opportunities and refine thresholds for where the SOC can take direct action without intervening College approval.
