| Developers | DialogNauka |
| --- | --- |
| Last Release Date | July 2010 |
| Branches | Information technologies |
| Technology | Situational centers |
The information security situational command center (Security Operations Center, SOC) is intended for the centralized collection and analysis of information about events arriving from different sources. Such centers increase the automation of the processes connected with information security incident management.
The information security situational command center consists of three main parts: software and hardware, documentation, and personnel. The software and hardware part of the center is built on specialized information security event monitoring systems. One example of such a system is the ArcSight ESM product, which holds a leading position in this field.
The documentation part of the situational center includes a set of documents describing the basic processes connected with identifying and responding to security incidents. The basic documents include job descriptions for the center's operators and administrators, incident management policies and regulations, the information security incident database, and so on.
The personnel component of the information security situational command center is the selection of the employees responsible for the center's work. As a rule, the roles of system administrator, security administrator, operator and security incident analyst are provided for.
An information security situational command center is created in several stages, including inspection, design, implementation and trial operation of the center.