GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Topic
Next Topic

2.4. Security Operation Centre

GFCE Cybersecurity Knowledge Modules 2. Types of Cyber Incident Response Teams 2.4. Security Operation Centre

There is no set definition of what a Security Operation Centre (SOC) is. A SOC or internal CSIRT monitors, protects, defends, or basically manages cybersecurity risks to an organisation’s business activities. A SOC typically provides routine services including analysis of incident detection, and monitoring and maintenance of security response systems. The centre is managed by a chief security officer (CSO) or a chief information security officer (CISO).

In building a SOC, an organisation should start small and slowly build in a controlled manner to create a fully fledged SOC.  At the beginning, the emphasis should be on gaining experience in monitoring log data from a select number of infrastructure or middleware components, registering incidents using the right tools, generating periodic reports and recording lessons learned. Staff should participate in relevant meetings within the organisation. An information security policy that has been approved by the management is essential for the operation of a SOC.

Compliance or certification to ISO/IEC 27001 standard demonstrates the quality and effectiveness of the organisation’s information security policies, procedures and controls. This standard can be used to support the functioning of the SOC.

Previous Topic
Back to Lesson
Next Topic

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content