Week 1 Flashcards

1
Q

Security Operations Center (SOC)

A

A facility that centralizes and manages an organization’s security functions. It is typically responsible for monitoring and analyzing an organization’s security systems, such as firewalls, intrusion detection systems, and security event logs.

2
Q

Functions of a SOC

A

Monitoring,
Analysis,
Response,
Communication.

3
Q

Elements of a SOC

A

Security Information and Event Management (SIEM) system,
Security analysts,
Vulnerability management,
Incident response plan,
Tools and technologies,
Physical infrastructure,
Communication and collaboration,
Training and awareness,
Policies and procedures,
Security infrastructure.

4
Q

Levels within SOC

A

Tier 1: This is the first point of contact for security-related incidents and requests. Tier 1 analysts are responsible for triaging and routing incidents to the appropriate team or individual. They may also be responsible for providing basic support and troubleshooting for security-related issues.

Tier 2: This tier is responsible for more in-depth analysis and investigation of security incidents. Tier 2 analysts have more expertise and experience than Tier 1, and may be responsible for responding to and resolving more complex incidents.

Tier 3: This is the highest level of expertise within a SOC. Tier 3 analysts are responsible for the most complex and critical security incidents, as well as for developing and implementing long-term solutions to prevent similar incidents from occurring in the future. They may also be responsible for training and mentoring lower-level analysts.
