Sunday, 25 January 2015

Book Review: Designing and Building A Security Operations Centre

When I first came across this book, I really wasn't sure what level of detail or focus the author would be taking so I'll cover that off straight away. While this book touches on some technical areas, this book is very much focused on the organisational, operational and managerial aspects of building and running SoCs.

If you're looking for a book to tell you what tools to select for a SoC, how to architect them, what types of monitoring and response you should be doing then probably best to look elsewhere.

However, if you are interested in working in a SoC, are currently working in a SoC at a junior level or planning to set up or outsource a SoC and new to the area then I'd definitely recommend you read this book.

The first chapter walks through some basics around the types of operations centres and talks through the key phases in developing a SoC, which the author then uses as the basis for the structure of the book.

The second and third chapters discusses SoC customers, event/alert/incident definitions, SLAs and service catalogs before moving onto the various systems and supporting processes that need to be in place to support a SoC, with a particular focus placed on ticketing systems.

I particularly liked chapters four and five, which give good insight into some potential organisational structures and reporting lines for SOCs, high level roles and key considerations in terms responsibilities, breaking it out into options for smaller and larger SoCs. This chapter alone is worth a read if you're new to SoCs as it'll give a good insight into the kind of resources you'll need and ideas on how these might overlap with your existing team.

Chapter six moves into covering the daily operations that should take place within a SoC. It doesn't go into details on incident response but does highlight the importance of root cause analysis and review documentation after the incident has been resolved and the need for communication plans to be in place. It also highlights some of the key challenges in follow the sun models around duplication of technical resources, inefficient handovers and inconsistent training/knowledge sharing and the positives of such models including local data storage for regulatory reasons and reduced local cultural/language barriers.

Chapter seven covers the importance of training and potential approaches to training your SoC team. I really liked the emphasis that the author placed on this aspect of SoC management but I think this chapter could have been incorporated into the previous chapters around teams and people resources.

Chapter eight touches briefly on metrics but rather than dive into long lists of potential metrics, discusses some of the potential approaches to metrics. The section here on vulnerability prioritisation is interesting but for me felt a little out of place within the overall context of the book.

Chapter nine runs through the threat intelligence that will normally be required within a SoC and covers off some of the publicly available resources along with touching on the types of commercial offerings in the area without diving into any particular vendor's commercial offering.

The last few chapters wrap up with some material on outsourcing that is very much worth a read if you're planing on outsource a SoC or engaging with a MSSP. One really nice aspect is that it contains a list of seventy four questions that to consider when selecting an MSSP. I always like to see guidance like this on the selection process for outsourced service as often there's a huge information asymmetry between clients and vendors in info sec and this guidance can at least help clients ask the right questions.

Overall, for the audience I outlined at the start of the review, this books is well structured and a solid introduction to the managerial aspects of SoCs. I felt it could have been shorted down a bit to make it more concise, but other than that it was an informative read and worthwhile for the right audience.

Links:
Amazon http://www.amazon.com/Designing-Building-Security-Operations-Center/dp/0128008997/
Safari http://techbus.safaribooksonline.com/book/networking/security/9780128008997


Saturday, 10 January 2015

Book Review: The Frugal CISO

I came across The Frugal CISO purely by accident over Christmas as it popped up as a new addition to Safari and as I'm always on the look out for security books that are a little bit different and non-technical, I figured it would be worth a read.

I'm really happy that I did because the Frugal CISO is a really solid book on both information security management and management in general. This is definitely a book I'd recommend to anyone either taking up a leadership position in an info sec team or setting up a new security team in an organisation. For me personally there were a lot of points that resonated me with as I've spent the last year putting in place a new regional security team from scratch for a large multinational and there's definitely some good lessons that I learned along the way that are included in this book!

I do feel that the title of the book doesn't do it justify however, as while the title seems to indicate that this book will be very focused on cost saving, it's really much more than that. This book is more about being a realistic CISO.. and if there wasn't already a book called the Pragmatic CSO, I'd have called it that!

The book starts off on some very interesting points on the stages of maturity for an info sec team. The approach used differs from the usual maturity levels that we often see in info sec books and focuses more on the organisational aspects of maturity covering things like funding and resource allocation, planning intervals, alignment with business strategy and stability of the team.

The next few chapters of the book focus on giving solid management advice in light of the challenges faced in info sec such as reduced budgets, increasing threats, and competition for staff, with particularly good chapters on team management and hiring that any hiring manager should read.

The book then moves onto a few chapters focusing on alternative views of policy definition and security awareness and a good chapter on taking stock of your info sec program and always considered why you're doing what you do and whether it's still necessary.

The final few chapters have some great advice on budgeting, appreciating that what works in one company, may not work in all companies and on being flexible and aiming to engage rather than block the business.

Overall, this book is full of good insights and ideas for info sec managers and while some of the material will be more general management focused, it's definitely a very highly recommended read for anyone in information security management and one that I'll definitely be recommending. I'd also love to see a follow up book that deep dives a bit more into some of the areas around maturity and engaging with the business as while these are oft discussed topics, they rarely get the level of detail that I think a lot of people would benefit from.


Links:
CRC http://www.crcpress.com/product/isbn/9781482220070
Amazon http://www.amazon.com/The-Frugal-CISO-Innovation-Approaches/dp/1482220075
Safari http://techbus.safaribooksonline.com/book/networking/security/9781482220070