A college professor tasked a group of students to investigate and improve the jury deliberation process. The students interviewed several stakeholders and discovered that the shape of the table in the jury room had an impact on the decision process. In courtrooms where there were rectangular tables, the juror sitting at the head of the table often dominated the conversation. As a result, some jurors did not share their views openly, and a verdict was quickly reached.
The students concluded it was those juries with round tables that came to the most accurate and just verdicts as all jurors participated openly and shared their views. The students were excited about their findings as they believed that they had discovered a way to improve the justice system—and it was also an easy fix. Upon sharing their feedback with the judge, the judge ordered that all jury room tables be changed to rectangular tables. The students were shocked. After all, round tables led to more robust decision-making, not rectangular tables.
When the judge said that he wanted to improve the jury deliberation process, he meant that he wanted to reduce the time it takes a jury to reach a decision. The students had understood improving the process to mean ensuring a more robust and fair process. Thus, the objectives of the task were not clear to all stakeholders upfront.
If you are planning to build a security operations center (SOC), keep in mind that the purpose of an SOC may not be clear to everyone in an organization. It is important for the purpose, scope and objectives of the SOC to be defined and communicated from the start. Failing to do this may make it challenging to demonstrate value to business stakeholders and security leaders. Even worse, the SOC may not support the organization’s objectives.
It Starts with a Strategy
Without a defined SOC strategy, security leaders may struggle to prioritize resources. A strategy provides direction based on various inputs such as the threat landscape, regulatory requirements and threat assessments specific to the organization. In the context of an SOC, the primary objective of the SOC strategy should be to avoid a situation where the cost and effort is high and the value and return on investment (ROI) is low. The aim of the SOC strategy is to ensure that the SOC effectively fulfils its function and, in doing so, helps the organization to fulfil its overall business objectives.
A well-architected SOC provides a positive ROI by minimizing potential financial losses due to cyberincidents. At the same time, an SOC enhances an organization’s ability to detect and respond to cyberthreats in real time, safeguarding sensitive data and protecting the organization’s reputation. Therefore, compliance, ROI and risk reduction are interconnected.
Business-Aligned Use Cases
Although it is easy to get carried away with generic cybersecurity use cases, the development of business-aligned use cases is what separates average SOCs from great SOCs. Steps include:
- Understand the business objectives, mission and vision—The SOC should have a clear understanding of the organization’s revenue-generating activities and business processes.
- Review the threat landscape—Understanding the current threat landscape, including the types of threats specific to the organization’s industry vertical, ensures that use cases are relevant to actual threats in the wild. Threat intelligence can add value in this area.
- Define use cases—Based on business objectives and the threat landscape, the SOC can define relevant use cases. All use cases must be linked to the organization’s objectives and mission.
Ensure Ongoing Support for the SOC
The SOC is an increasingly important capability for organizations to defend against cybercrime. Although an SOC can vary in terms of scope, objectives and services it provides, security monitoring, threat detection and incident response remain the core service offerings for any SOC. The ability to link cybersecurity initiatives such as an SOC to business objectives is crucial to ensure the ongoing support and funding for a SOC.
Editor’s note: For further insights on this topic, read Grant Hughes’s recent Journal article, “How to Build a Great SOC,” ISACA Journal, volume 6, 2023.