A Cybersecurity Architecture That Supports Effective Incident Response

Abstract:

A Cybersecurity Operation Centre (SOC) is a centralized hub within an organisation that houses people, processes, and technologies aimed at continuous monitoring of the organization’s assets in order to prevent, detect, analyse, and respond to cybersecurity incidents against that organisation. SOCs are critical to the collection, analysis, and response to cybersecurity events and incidents faced by an organisation. This article discusses the architecture of an SOC that enables quick and timely responses to events and incidents. Firstly, the article describes an architecture of the SOC, the SOC’s processes, personnel, and technologies. Secondly, the article discusses what type of information and logs should be collected, analysed, and interpreted. Lastly the article discusses how to handle an incident through the six stages of incident response.


AUTHORS

Photo of Muyowa Mutemwa

Council of Scientific and Industrial Research (CSIR) Defence, Peace, Safety, and Security Pretoria,
South Africa

Muyowa Mutemwa is currently a Senior Cyber Security Researcher at the Council of Scientific and Industrial Research, where he runs a Security Operations Centre.

Photo of Dr. Jabu Mtsweni

Council of Scientific and Industrial Research (CSIR) Defence, Peace, Safety, and Security Pretoria,
South Africa

Dr. Jabu Mtsweni is a Head of Information and Cyber Security Centre at the Council for Scientific and Industrial Research (CSIR) focusing on secure identity systems, cybersecurity systems, data security and analytics, including governance, privacy, and trust.

 

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com