How to plan for modernizing SOCs


Alvaro Vitta, Microsoft’s Global Cybersecurity Lead for Public Sector, explains the steps that public sector organizations should take in the SOC modernization journey. Those steps can be grouped into three phases:

  • Envisioning
  • Implementation
  • Operationalization

Phase 1: Envisioning

Envisioning comes first because it is the preparation phase. It centers on defining a clear vision, strategy, and mission for SOC modernization, then creating the supporting policy and assessing the current SOC.

  • Vision is the "what" and "why" of the modernization goal: What do you want to do and why?
  • Strategy is the "how": How will you implement the vision?

Once you've defined the vision and strategy, you're ready to create the mission. The mission focuses on key, measurable objectives that let you judge whether the modernization is succeeding.

The envisioning phase closes with three activities:

  1. Policy creation
  2. Assessment of the current security operations center (SOC)
  3. Development of the roadmap

The roadmap is essential because it turns the plan into a sequence of concrete steps, each with a clear dependency on the one before it, needed to complete the modernization.

Phase 2: Implementation

The second phase, implementation, puts the plan created during envisioning into practice. It includes selecting the appropriate technologies and enabling them to integrate the various data sources that feed the SOC, so that the SOC has visibility into the environment it's meant to defend.

Phase 3: Operationalization

The final phase, operationalization, is when public sector organizations begin using the new, modernized security operations center. For some, operationalization means engaging a service provider to manage the SOC. For others, an internal team operates the modernized SOC. Either way, creating a RACI matrix is vital. For each SOC function, you must decide who's going to be:

  • Responsible
  • Accountable
  • Consulted
  • Informed

Keeping security runbooks up to date with every change and defining the security alerts the SOC acts on support continuous optimization and adaptation to evolving cyberthreats in a modernized SOC environment.

SOC modernization journey infographic. Select the following link for the accessible PDF version: SOC Modernization journey infographic (PDF).

In the following podcast segment, Jonathan Cassar, Chief Technology Officer of Malta's IT Agency, explains the important steps to public sector SOC modernization.