This page is fully or partially automatically translated.

IT Security Talks 2021 Management I

Central Security Management using a Security Operations Center (SOC)

The presentation explains the necessity of a SOC and gives strategic recommendations for its deployment

Tue, 15.06.2021, 11:00 - 11:15

Digital


Data Center



This action is part of the event IT Security Talks 2021


Action description

With the increasingly far-reaching digitalisation and networking of IT and OT infrastructures, new attack possibilities are continuously emerging, such as phishing, SQL injection, ransomware, denial of service or advanced persistent threats. The resulting risk situation, together with legal and regulatory requirements (e.g. the IT Security Act), demands an ever stronger focus on detecting, reporting and handling security incidents affecting the company's IT and OT infrastructure. This task is typically performed by a Security Operations Centre (SOC).
The range of tasks of a SOC can be broken down further. Classic core tasks include, for example,
- ensuring the information security of the IT/OT infrastructures in general,
- identifying vulnerabilities,
- monitoring the IT/OT infrastructures and detecting attacks/incidents,
- the coordinated remediation of security incidents, and
- measuring the level of information security.
In addition, classic core tasks of a SOC are often combined with further tasks of a Computer Emergency Response Team (CERT) / Computer Security Incident Response Team (CSIRT), such as
- observation of the general threat situation,
- the assessment of threats, including forensics, or
- the preparation of recommendations (advisories).
As an internal service provider of an organisation, a SOC therefore has numerous interfaces. It functions, for example, as a general contact point for security aspects of both users and administrators and is concerned with continuously increasing security awareness in the organisation. The SOC supports the management in complying with the issued security policies and provides corresponding evaluations, reports and situation pictures as required. For the detection and resolution of security incidents, there is close cooperation with those responsible for the IT/OT infrastructures.
Technically, the detection of security incidents is based on evaluating a multitude of log data from different log sources. These log sources can be, for example, network components such as routers or switches, client and server systems, or security components such as firewalls, virus walls or intrusion detection systems. A SOC therefore usually offers a technical core function for the central collection and evaluation of log data: a Security Information and Event Management (SIEM) system. The SIEM also makes it possible to correlate log data from different manufacturers and platforms, which opens up extensive and effective possibilities for detecting security incidents. It visualises the results in an integrated dashboard, generates corresponding events and alarms, and thus forms an essential technical basis for an overall picture of the organisation's cyber security situation.
Due to the extensive functions and tasks of a SOC, it is usually built up step by step. At the beginning, it is often advisable to centrally collect log data and use this as a basis for identifying security incidents. In the next step, further tasks can be added to resolve security incidents, up to and including threat intelligence and forensics.
An important aspect in setting up a SOC is the selection of a suitable operator model. In addition to traditional in-house operation and outsourcing of SOC tasks, a variety of hybrid operator models are conceivable. Organisational, strategic, technical and economic aspects should be taken into account when deciding on the appropriate operator model.
The presentation explains the necessity of a SOC for the operation of complex IT/OT infrastructures, shows its core functionality and gives strategic recommendations for the approach to implementation.


Language: German

Questions and Answers: Yes

