This is the second in a series of publications we’re calling “QOMPLX Operations.” These posts are intended to provide security practitioners with best practices and insights needed to build effective, robust security operations center (SOC) teams. To learn more, download our free reports!
In 2013, big-box retailer Target became the victim of a massive compromise of its Point of Sale (POS) network. Altogether, credit card information on 110 million Target customers was stolen. Target ended up paying $18.5 million in a settlement with Attorneys General in 47 states and the District of Columbia.
Behind the headlines about Target lay a cautionary tale. Subsequent reporting revealed that detection tools used by Target and a managed service provider had, in fact, alerted staff early on that an incident had occurred. Furthermore, that incident was isolated and even escalated by staff. Still, no further action was taken to investigate it. In other words, at some point, Target's incident escalation process faltered, with disastrous consequences for the firm.
Target's story underscores the critical importance of establishing effective processes within your security operations center. It also reminds us that organizations face a multi-level challenge: translating cybersecurity monitoring output into action; assessing risk; quantifying and communicating that risk; and prioritizing risk mitigation and response actions.
In this second installment of our QOMPLX Operations series, we're digging into the tricky question of what makes effective SOC processes and how organizations can set themselves up for success by creating effective, responsive SOC processes that actually reduce risk.
You can download "The Four Ps of SOCs Part 2: Process" here. Registering will give you access to all four reports in the series.