Course Title: Building an Effective Security Operations Center Framework
Course Duration: 2 Day Online Instructor Led Workshop. The online workshop is delivered in two days, two units each day, from 9:30 am to 1 pm and from 2:30 pm to 5:30 pm.
Course Fee: Available upon request (write to us at info@tlcpak.com)
Course Location: TLC Office, Customer Onsite, and Online. Online workshops are delivered in two days, two units each day, from 10:30 am to 1 pm and from 3 pm to 5:30 pm.
Course Code: TN222
Deliverables: Comprehensive Student Guide and Workshop Certificate
This course can also be conducted for customers at their premises in Karachi, Lahore, and Islamabad.
PURPOSE:
Security teams are hard at work on the front lines: identifying, analyzing and mitigating threats facing their organization. But despite their best efforts, incident backlogs continue to grow. The reality is that there simply aren't enough skilled professionals to analyze the volume of incidents that most organizations face.
Security operations is the continuous operational practice of maintaining and managing a secure IT environment through the implementation and execution of defined services and processes; its main purpose is to detect, prevent, prioritize and respond to security incidents. This course is specially designed to give security professionals the information they need to build an effective Security Operations Center and to select the associated tools for building a SOC framework.
A SOC is now an essential part of any protection plan and data protection system, reducing the exposure of information systems to both external and internal risks.
The advantages of a SOC: Without SOC services, cyber-criminal attacks can remain hidden for a long time, as companies lack the skills to detect and respond to threats in a timely manner. Yahoo is the standard example: its accounts were compromised for many years without the company knowing it.
A SOC therefore gives companies better visibility into their environment, together with the skills, processes and continuous improvement needed to act on it. With attacks becoming more and more regular, many organizations are refocusing their security efforts on prevention and detection.
The training course flow will be a mix of lectures and classroom discussions so that participants gain a detailed understanding of the various components of cybersecurity technologies.
ABOUT THE INSTRUCTOR
Training will be delivered by an experienced TOGAF 9 Certified trainer who has practised TOGAF EAF for over 12 years, has 25+ years of career experience imparting education and training services both locally and internationally, and has served international enterprise technology vendors including IBM, Fujitsu, and ICL.
Our instructor holds various industry professional certifications in the space of enterprise servers and storage technologies, Information Security, Enterprise Architecture, Blockchain, ITIL, Cloud, Virtualization, and Green IT; is a co-author of 10 IBM Redbooks; and has designed and developed 70 plus courses based on storage, information security, cybersecurity, enterprise architecture, Blockchain, Open Banking Framework and digital technology stacks.
The training course flow will be a mix of lectures, video demonstrations, and classroom discussions so that participants gain a detailed understanding of various security technologies and how to plan appropriately, following best-practice sizing guidelines, for building a Next Generation Security Operations Framework.
TARGETED AUDIENCE:
This workshop is intended for:
- CIO, CTO, CISO, CITO, Business Leaders, VP/IT Directors, IT and IS Managers, Application/Database teams, Audit, Risk and Compliance, Information Security and Cybersecurity Professionals, IT Operations, Project Managers, Enterprise Architects, Network Operations teams, and Legal professionals who are familiar with basic IT/IS concepts.
- Anyone who wants to learn about new trends in security and data breach incidents and how a SOC can help in protecting mission critical business data.
- Anyone interested in entering the field of Information Security and Cybersecurity.
- Students and fresh graduates.
- Managers, Senior IT Managers, Business and HR Leaders who want to refresh their present knowledge.
- CSOC Managers and their SOC teams.
- Network Operations Center teams.
Workshop Summary
At the end of this course, you will be able to:
- Understand how to develop a strategy for the collection of the most important logs and network data.
- Understand how to develop SOC playbooks and use cases.
- Use threat intelligence to focus your budget and detection efforts.
- Implement threat hunting and active defense strategies.
- Develop an efficient alert triage and investigation workflow.
- Create effective incident response processes.
- Implement metrics, KPIs and goals to improve the SOC.
- Conduct effective team member hiring, training, and retention, and prevent burnout.
- Understand the fundamentals for developing an effective SOC framework.
PREREQUISITES:
Participants attending this workshop should be familiar with basic Information Technology (IT) and Security concepts, business challenges, and the role of general system-wide infrastructure technologies and their applications.
COURSE OUTLINE
Unit 1: Security Operations Center Fundamentals
- Things that you cannot ignore: your devices.
- Assess and mitigate vulnerabilities in your end-devices.
- Threats and security challenges faced today and their solutions.
- Assess and mitigate vulnerabilities in mobile systems.
- Tactics used by attackers to compromise your security.
- Why you need to make cybersecurity a priority.
- How cognition works: behavior-based security.
- Security Operations Center defined.
- How to make your SOC responsive.
- Understand the Cyber Incident Recovery Tool and its importance.
- Main components of a SOC and SOC team structure.
- Challenges every Security Operations Center faces.
- What top-performing SOC teams have in common.
- Understanding the SOC playbook and the need for developing it.
- Five key steps for developing a SOC cybersecurity playbook.
- SOC automation playbook: user containment sample workflow.
- Network Operations Center vs. Security Operations Center.
- Unit 1 Assessment.
Unit 2: SOC Design Criteria and Workflow
- Questions organizations must consider for a SOC assessment.
- Types of supported data sources you will encounter.
- Prerequisites to establishing a SOC design.
- Why SOC projects fail: reasons SOC projects fail and succeed.
- Common mistakes that should be avoided in the SOC design phase.
- Log management/analytics: a critical aspect of the SOC.
- Capacity planning and capacity planning guidelines.
- Selecting the right tools for your Security Operations Center.
- Knowing the key challenges of your SOC design phase.
- Recommendations for selecting SOC tools.
- Strategic planning assumption: the right and wrong approach.
- Reasons SOC tooling projects fail and succeed.
- Build SOC approach.
- SOC design criteria and flow.
- Security Operations Centers: one size does not fit all.
- Unit 2 Assessment.
Unit 3: SOC Maturity Assessment and Design Framework
- Key SOC metrics and KPIs: how to define your KPIs and use them.
- A complete list of tasks carried out in a Security Operations Center.
- The three big challenges for managing the SOC.
- Aligning the tool selection process.
- Security Target Operating Reference Model.
- Technologies needed to achieve a maturing SOC.
- Endpoint Detection & Response and Network Traffic Analysis.
- Understand the critical components of a SIEM solution and the SIEM process.
- How to select the right SIEM tools for your business.
- Problems solved by a SIEM solution, and SIEM sizing guidelines.
- Security Orchestration, Automation and Response (SOAR).
- Understanding the difference between SOAR and SIEM.
- Understanding the important capabilities of a SOAR-based solution.
- Egress monitoring and solutions based on Network Access Control.
- Understand NAC and how NAC secures your network.
- Exploiting Next-Generation Firewall capabilities.
- Measuring capability and maturity levels in SOCs.
- SOC Capability Maturity Assessment Model.
- A modern SOC's maturity level and capabilities: an example.
- What exactly is required by a SOC framework?
- SOC framework architecture.
- Building a Security Operations Center involves multiple domains.
- Multiple layers of protection: high-level summary.
- An effective SOC resource availability and non-availability matrix.
- Generic Security Operations Center Framework.
- Unit 3 Assessment.
Unit 4: Incident Response
- Understanding incident response.
- The role of the Computer Security Incident Response Team (CSIRT).
- The importance of an Incident Response Plan.
- Seven key phases of an Incident Response Plan.
- Computer forensics (cyber forensics).
- Cyber Incident Management Framework.
- Incident management and categorization.
- The role of the Service Desk in incident management.
- Challenges associated with incident categorization.
- Incident categories, subcategories, and categorizing incidents.
- Incident response planning and severity of incidents.
- Timeline from security incident to business continuity.
- Critical Incident Recovery Plan and cyber attack quick response.
- Preparing for a security breach.
- Important considerations from a data recovery point of view.
- Zero-days and your security strategy.
- Mitigating the effects of a zero-day attack: recommendations.
- Unit 4 Assessment.