Choosing a SOC Service Model

Corporate CISO's, and CIO's, most adopted 'out of the box' thinking when the time of choosing a SOC service model comes. cybersecurity is high agenda issue of every business in the world, especially given regulations and privacy act legislation, and the mandatory data breach notification. Cyber breach is a highly complex issue and requires a deep conviction analysis, and authorization throughout the business governance in order to become successful.

A good security level is expensive; to build a strong capability that extends across all of the organization’s, when dealing with people, processes, data, and IT rules, it requires a large investment that may seem like it’s providing no return on investment, that's a big issue for CISO or a CIO who needs resources. If so, then what are the factors that senior managers need to consider before they decide whether to insource or outsource their security functions, or to managed them thru a Managed Security Services Provider (MSSP).

The Chief Information Security Officers CISO's or the CIO's Chief Information Officers of an organisation, often faces a difficult decision whether they should insource or outsource their organization security capability to an MSSP. A decision like this often underpinned by several key factors, such as:

• The current capability of internal cybersecurity team,
• The organization management mentality and business culture, and the available funds for developing such a capability.

the internal capability of maintaining a good security level can become an expensive function to the business. Cyber security is a business process that requires governance considerations across HR, Knowledge processing, New technologies, and staff quick adopting.

A team of security experts who needs to maintain their expert knowledge, and adapt to new technologies is a complex function. Especially if the organization doesn't have expertise in it, even if the CISO or CIO is a deeply proficient person, who needs to deal with a security problem, it is a problem if he addresses it on his own.

That is why a CISO decision must undertake a cost-benefit analysis before deciding whether to do insourcing or outsourcing by an MSSP.

The concept of a Security Operations Center (SOC) becomes the focal point of all operational security controls. There are a few SOC service models that a CISO can adopt, such as:

• Insourcing dedicated SOC: internal staff capability, owned facility, full-time staff;
• Virtual SOC: internal staff capability, no facility, a part-time staff;
• Outsourced SOC: provide service by an MSSP, MSSP facility, MSSP staff;
• Hybrid SOC: internal staff capability insured by MSSP expert staff, two separate facilities (dedicated or virtual).

Those models have their own benefits and drawbacks, therefore, a decision should be carefully evaluated.

These model suits organizations that will never fully outsource their entire security capability, it is for maintaining an internal security operations capability while contracting an MSSP to fill the gaps. This may be because the organization security team can’t cover a 24/7 in 365 days a year or any other reason. The MSSP provides the monitoring eyes whenever the in-house team isn’t capable to do so. Furthermore, can augment the in-house team with experts who aren’t on the payroll, such as security analysts, and forensics experts.

CISO must evaluate the organization and decide whether the internal team can deliver the outcomes required for the business.

If there is a need for Hybrid SOC Servicing, we are the ones to contact for it.