The Human Factor in a Security Operations Center

The Human Factor in a Security Operations Center
paly
Share

In this presentation, Nicolas Fischbach explores the importance of personnel management in a Security Operations Center. Topics include recruitment, turnover, role separations, and the use of SEM tools like Security Event Management.

  • Uploaded on | 2 Views
  • mirobog mirobog

About The Human Factor in a Security Operations Center

PowerPoint presentation about 'The Human Factor in a Security Operations Center'. This presentation describes the topic on In this presentation, Nicolas Fischbach explores the importance of personnel management in a Security Operations Center. Topics include recruitment, turnover, role separations, and the use of SEM tools like Security Event Management.. The key topics included in this slideshow are . Download this presentation absolutely free.

Presentation Transcript

1. Nicolas FISCHBACH Senior Manager, Network Engineering/Security - COLT Telecom nico@securite.org - http://www.securite.org/nico/ version 1.0 Le facteur humain dans un centre de supervision scurit JEI SSI CELAR

2. 2004 Nicolas FISCHBACH JEI SSI CELAR 2 Agenda Introduction Pourquoi un SOC ? Rle du SOC Recrutement Gestion du turnover Cloisonnement Sparation des responsabilits Outil: SEM (Security Event Management) Risques gnriques Conclusion

3. 2004 Nicolas FISCHBACH JEI SSI CELAR 3 Pourquoi un SOC ? Supervision de la scurit Besoins et obligations Multiples sources dinformation Quantit dinformation disponible Qualit de linformation disponible Centralisation et archivage des informations La supervision rseau ou systme nest pas suffisante SOC interne ou MSSP pour des clients Mutualisation de linformation et des ressources Tendance au ractif, peu de proactif

4. 2004 Nicolas FISCHBACH JEI SSI CELAR 4 Rle du SOC ? Supervision scurit Surtout pas dadministration ! Change Management pare-feu, outil de dtection dintrusion/danomalie, pot de miel, etc. Veille scurit Audits et tests de pntration Analyses post-mortem Temps dans le laboratoire ou jouer avec des pots de miel Conflit ingnierie/oprations/R&D/etc. Perception par les autres dpartements

5. 2004 Nicolas FISCHBACH JEI SSI CELAR 5 Recrutement Quels profils ? Comptences/connaissances/attitude Qualits: curieux, thique, parle mieux lASM que le franais, etc. Externalisation/outsourcing et o ? Background checking Pas de certification SOC Embauches internes et formation la scurit ? Environnement avec des contraintes fortes Priv vs. public vs. militaire/tatique

6. 2004 Nicolas FISCHBACH JEI SSI CELAR 6 Gestion du turnover Comment garder les employs ? 24x7 Formation Cration dune base de connaissances interne Beaucoup dvnements peu importants Gestion de linformation et des connaissances acquises: risque de fuite Quels objectifs et quelles mtriques pour mesurer lefficacit ?

7. 2004 Nicolas FISCHBACH JEI SSI CELAR 7 Cloisonnement Besoin de deux rseaux ou plus Contraintes de mutualisation Protection vis--vis de lInternet Risque de contournement Remonte dvnements Accs pour gestion/maintenance

8. 2004 Nicolas FISCHBACH JEI SSI CELAR 8 Sparation des responsabilits Administration vs. NOC vs. SOC Dfinir les fonctions: administratif, analyste, veille, etc. Risque de copinage (friends in crime) Problme du manque de connaissances mtier (surtout dans les couches hautes) Pipotage du client (technique et commercial) Besoin davoir des politiques et des procdures Comment trouver un mode de fonctionnement efficace: ressources vs. vnements vs. sparation des responsabilits

9. 2004 Nicolas FISCHBACH JEI SSI CELAR 9 Outil: Security Event Management Outil de corrlation et de dtection dvnements Dfinition des rgles Information trop/pas assez digre Linterprtation des alertes et anomalies reste trs subjective Trouver le juste milieu entre ressources et automatisation Les erreurs, les mauvaises rgles, les informations tronques se paient: le SOC devient borgne voire aveugle Risque de ne pas comprendre ce qui se passe Classification des vnements: tous les acteurs (hors SOC) nont pas la mme vision et les mmes priorits

10. 2004 Nicolas FISCHBACH JEI SSI CELAR 10 Risques gnriques Who is watching the watchmen Possibilit deffacer ses propres traces Mauvaise adaptation la couverture attendue Gestion de la vie prive et de laccs aux informations Risque que les clients (internes ou externes) se sentent surveills Il vaut mieux ne pas avoir de SOC et en tre conscient quune moiti de SOC...

11. 2004 Nicolas FISCHBACH JEI SSI CELAR 11 Conclusion Conclusion Q&R Image: www.shawnsclipart.com/funkycomputercrowd.html

Related

Principles of Information Security and Human Resource Issues
Principles of Information Security and Human Resource Issues
The Tension Between Security and Other Values
The Tension Between Security and Other Values
Understanding Food Security Fundamentals and Needs Assessment
Understanding Food Security Fundamentals and Needs Assessment
Developing a Wellness Center on a Shoestring Budget
Developing a Wellness Center on a Shoestring Budget
Field Service Operations Organizational Chart
Field Service Operations Organizational Chart
Linear Programming and Transportation Methods in Operations Research
Linear Programming and Transportation Methods in Operations Research
Getting to knoweach other Needs and wants Human Ri
Getting to knoweach other Needs and wants Human Ri
Troubled Waters: Energy Security as a Maritime Security
Troubled Waters: Energy Security as a Maritime Security
Auto Scaling Web Application Security in the Cloud
Auto Scaling Web Application Security in the Cloud
Finding the Equation and Center of a Circle
Finding the Equation and Center of a Circle
The Universal Declaration of Human Rights and its Impact on Refugees
The Universal Declaration of Human Rights and its Impact on Refugees
Global Campaign for Social Security and Coverage for All - Progress and launch report
Global Campaign for Social Security and Coverage for All - Progress and launch report
Help Keep Our National Church Center: National Church Center Fundraising Campaign May 2009 - May 2010
Help Keep Our National Church Center: National Church Center Fundraising Campaign May 2009 - May 2010
Mobile Device Security: A Brief History and Current Threats
Mobile Device Security: A Brief History and Current Threats
Polynomial Operations and Synthetic Division
Polynomial Operations and Synthetic Division
Ceedo for Citrix Optimization
Ceedo for Citrix Optimization
Bab 13-15: Matriks and Its Operations - Matrix Inverses
Bab 13-15: Matriks and Its Operations - Matrix Inverses
Ensuring Safety in EMS Transport Operations
Ensuring Safety in EMS Transport Operations
The Phenomenal Power of the Human Mind
The Phenomenal Power of the Human Mind
Finding Purpose and Security in Life
Finding Purpose and Security in Life
Best Practices for Initial Engine Company Operations
Best Practices for Initial Engine Company Operations
Windows Vista Security Configuration and IE7 Browser Tools
Windows Vista Security Configuration and IE7 Browser Tools
Introduction to Cloud Computing and Data Security
Introduction to Cloud Computing and Data Security
Progress in Aviation Safety and Security: Fire Protection and Fuel Tank Inerting
Progress in Aviation Safety and Security: Fire Protection and Fuel Tank Inerting