Main Page

From Socology.org - The Study of Security Operations
Revision as of 04:54, 17 October 2018 by Frankangiolelli (Talk | contribs)

Jump to: navigation, search

Socology
The study of Security Operations

Consult the User's Guide for information on how to contribute to this page.

Objective

The objective of socology is to provide the community with guidelines, frameworks and resources that improve Security Operations from a Management and Strategic level. While the framework can be used to evaluate your own Security Operations Center, this is designed to be a guideline to improve those ratings.

Why create socology?

  1. Understand the Complexity - Security Operations is a highly complex and multifaceted portion of Cyber Security. We want SOCs to be successful.
  2. Implementation - Implementing, maturing and maintaining Security Operations goes beyond technology and tools.
  3. Guidelines - Socology is attempting to identify those dimensions and some guidelines to help you be successful.
  4. Lessons Leaerned - Lastly, in discussion with our Subject Matter Experts, common pain points and lessons learned have emerged which we feel would benefit the community to

While framework exist for Risk Management, like NIST [1], CMMI [2] and SOC-CMM [3], the Security Operations field has gaps in guidelines and frameworks for implementation. We are working to study, identify and fill in those gaps where possible.

While ITIL is an excellent resource for IT Operations, we argue it has gaps when applied to Security Operations.

Maturity & Development

Security Operations can be described having a hierarchical developmental sequence as well as maturity. We start at an immature level and then mature along multiple dimensions in parallel. It is recommended to be able to evaluate your developmental sequence and maturity.

In the search for how to organize this information, we have identified several different ways to approach it. This includes:

  1. RAG - Red, Amber, Green
  2. Development Cycle - The development cycle of Forming, Storming, Norming and Performing is simple and meaningful. Psychologist Bruce Tuckman first came up with the memorable phrase "forming, storming, norming, and performing" in his 1965 article, "Developmental Sequence in Small Groups."[4].
  3. CMMI - The Capability Model Maturity Index[[5]] is an excellent way to gauge maturity, however for this framework, which will including guidelines and is more qualitative, we are using the Developmental Sequence.
  4. SOC-CMM - https://soc-cmm.com/ A Continuous Maturity Model for Security Operations

Core Dimensions

Each Service of Security Operations is broken down into Socology Core Dimensions. Those Core Dimensions are: Process, Tooling, Ticketing, Reporting, Staffing, Budget, Communications and Documentation. This is designed to describe and explore the Service, the Service Management Requirements, the Staffing and Technology at an altitude that allows for flexibility while still providing practical guidance.

The Parts of Security Operations

Click here to view the Parts of Security Operations.

High Level Common Pain Points | Lessons Learned

Context Switching - also discusses Multitasking

Hero Syndrome

Burnout

Enterprise Amnesia

Shelfware or Un(der)utilized Tools

Socology Dimensions Map

Click here to view the Socology Dimensions and descriptions.

Socologymap2.png

File:Parts-of-security-operations.png