Educause Security Discussion mailing list archives

Re: Security Operations Center Management


From: "Perez, Roberto" <Roberto.Perez () LMU EDU>
Date: Wed, 10 Mar 2021 23:08:00 +0000

Could someone ping me separately if you are using OculusIT's SOC services?



I'm looking at them and would love to talk to current OculusIT SOC customers about your experience so far.


Roberto Perez, CISSP
Director, Information Security and Compliance
Information Technology Services<https://its.lmu.edu/>


Daum Hall
1 LMU Drive
Los Angeles, CA 90045-2659
www.lmu.edu<http://www.lmu.edu/> | Privacy + Legal<http://www.lmu.edu/copyright/>

Office
310.258.5489<tel:+13102585489>
Email
roberto.perez () lmu edu<mailto:roberto.perez () lmu edu>








On 2/19/21, 12:21 PM, "The EDUCAUSE Security Community Group Listserv on behalf of AJ (Westcliff)" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of aj () WESTCLIFF EDU> wrote:



    Cynthia,



    Does your organization have a formal Security Operations Center?

    Yes, we have used an outsourced 24x7 SOC provider since 2015. They also manage our firewall.



    Is it fully staffed with internal resources?

    No - There was an assessment done recently of the major SOC and CISO providers on the basis of quality/expertise and affordability that we reviewed. (I think I can find a copy of that assessment. Please ping me offline if you need it.) We have outsourced our SOC to OculusIT.



    Is it fully outsourced?

    Yes to OculusIT. Our internal teams act on the recommended changes that come from the SOC team. The OculusIT 24x7 SOC team works as an extension of our internal teams. We meet with them daily.



    Is it co-managed with a service provider?

    No.



    -----Original Message-----

    From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Christine Whalley

    Sent: Friday, February 5, 2021 10:23 AM

    To: SECURITY () LISTSERV EDUCAUSE EDU

    Subject: Re: [SECURITY] Security Operations Center Management



    Cynthia,



    Does your organization have a formal Security Operations Center?

         Yes, we have used an outsourced 24x7 SOC provider since 2012.



    Is it fully staffed with internal resources?

          No - we recently partnered with OculusIT to provide our SOC and next gen firewall management services.



    Is it fully outsourced?



          Yes/No - there is a partnership between our outsourced SOC and our internal infrastructure and service desk teams.

          We port designated logs to SIEM managed by the SOC.  Internal team has access to view SOC Dashboard and log data.

          The SOC team monitors the environment and performs threat analysis to identify incidents and/or recommend changes we should make to our environment.

          Recommended changes are assessed by the appropriate internal support team.

          Once approved, changes to the firewall are made by the SOC while changes to servers and other services are made by the appropriate internal support team.



    Is it co-managed with a service provider?

          See explanation above.

          We continue to review for improvement opportunities and refine thresholds for where the SOC can take direct action without intervening College approval.



    **********

    Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



