Information security and the importance of Security Operation

Certain companies today are legally obliged to take a risk-oriented approach to information security. One preferred approach is to introduce an information security management system (ISMS) and to implement the associated measures and procedures. Among other things, this involves creating structures, responsibilities, processes and specifications in order to integrate, monitor and control information security within an organisation over the long term. The ISMS is thus the foundation for information security as a whole. Depending on the organisation's degree of maturity, such a project involves a wide range of measures, from physical protection (e.g. access control systems) to organisational aspects such as security awareness.

The quantity and quality of cyberattacks have increased in recent years. Different actors pursue different goals, for example espionage or profit through extortion. For organisations, the first challenge is recognising that an attack is taking place and making the right people aware of it, so that the appropriate measures can be initiated. Practice shows that the majority of companies have deficits with regard to information security. Often, for example, they lack technical measures for detecting attacks and protecting against them. It is therefore recommended to establish an organisational unit dedicated to operational information security, also known as Security Operation. Such a unit is often directly responsible for establishing detection and response structures within a security operations centre (SOC). Its task is to monitor the OT and IT landscape using a variety of methods and tools, so that it can react quickly and start the defined processes whenever there is any suspicion of an attack.

Because cyberattacks are frequently launched during off-peak hours or on public holidays, a company operating a SOC faces difficult challenges. This is where service providers can help, by taking over the monitoring outside peak hours or even around the clock. Nevertheless, even when the SOC is outsourced, a company still needs its own structures, because response actions can often only be carried out by the in-house IT department.

With the passing of the IT Security Act 2.0 (IT-SiG 2.0) in May 2021, operators of critical infrastructure (including companies in the new “municipal waste management” CRITIS sector) have been given additional duties. Among other things, they are obliged to establish monitoring systems and/or attack detection systems by 1 May 2023.

A SOC uses various tools, such as monitoring systems, honeypots or canaries, and implements procedures such as penetration testing or threat hunting. In addition to introducing security information and event management (SIEM), the SOC also needs defined responsibilities, processes and often far-reaching tooling. secunet supports companies, among other things, in developing such concepts. Together with the client, a vision is created: it defines exactly which duties the SOC needs to perform, which methods and tools will be used, which processes are required, and how any service providers are to be integrated. In this way, a shared understanding of the SOC’s scope of responsibilities is created within the company.

Contact us if you want to avoid the standstill of your IT and your business.
