Security Report: SOC Technical Analysis and Security Recommendations
Added on 2023/01/03
AI Summary
This report provides a detailed technical analysis of a Security Operations Center (SOC) for a UK-based taxation management firm. It begins with an introduction to computer security, emphasizing the importance of protecting systems and data from unauthorized access and harm. The report then provides an overview of the case, outlining the firm's need for a SOC to address security breaches and modernize its outdated systems. The technical report section delves into the SOC's core functions, including security operations, assurance, practices, assessment, and testing. It explores different SOC models, such as internal, virtual, and hybrid approaches. Furthermore, the report examines information assurance methodologies, incident management, audit assurance and review, business continuity planning, and disaster recovery plans, providing a comprehensive guide to enhancing the firm's security posture. The report concludes with a discussion of incident response procedures, detailing preparation, identification, containment, elimination, recovery, and lessons learned, to ensure the firm can effectively manage and mitigate security threats. The report also includes references to support the analysis and recommendations.

Table of Contents
Introduction......................................................................................................................................1
Overview of the case..............................................................................................................1
Technical report......................................................................................................................1
Conclusion.......................................................................................................................................6
References........................................................................................................................................7

Introduction
Computer security refers to protecting computer systems, along with the information they hold, from theft, unauthorised use and harm. It is the process of preventing and detecting unauthorised use of a computer system (David, Keupp and Mermoud, 2020). It implies controls that are put in place to provide the integrity, availability and confidentiality of all components of the system. In essence, it is cyber security: the body of practices, technologies and processes designed to secure networks, programs and data from damage or unauthorised access. It is important for an organisation to develop relevant strategies, procedures and policies that enable it to secure its devices to the desired standards and to carry out its functions efficiently. This report is based on a UK enterprise that deals in taxation management and is looking to upgrade its computer systems in order to minimise the complexities associated with its business processes. The report furnishes a technical document on a SOC, comprising security operations, assurance, practices, assessment and testing.
Overview of the case
A UK-based organisation with offices across the country is considered. As the firm is growing and its systems have become outdated, there is a risk of security breaches. The firm has opted for a SOC so that it can receive adequate support and security services. The system must provide inter-centre communication, remote access, a mailing system, sufficient bandwidth, simplicity of execution, server expansion and more (Kwak et al., 2020). The main concerns of management are protection against hacker attacks and viruses, availability and support. The firm needs a security report that will enable it to deal with the security concerns that might arise while delivering its operations in the marketplace.
Technical report
A SOC (Security Operations Centre) is a combination of tools and team members responsible for continuously monitoring the organisation and ensuring that its security measures are maintained. It serves as a unified base accountable for detecting, investigating, responding to and recovering from any kind of vulnerability or threat. The
models that can be utilised by an organisation to protect its operations or network infrastructure from attacks are specified below:
Internal SOC: This comprises dedicated employees operating within the organisation. It has a high upfront cost and is created by organisations that have mature security and IT strategies.
Virtual SOC: This is provided by third-party service providers who are experts in their field. It is easy for the organisation to set up, as less cost is involved, and the organisation retains control over security.
Hybrid SOC: Here in-house teams are merged with outsourced teams whose services fill the gaps in coverage. This provides the organisation with 24*7 monitoring of its internal network so that vulnerabilities or attacks do not take hold within the working premises.
Security operations and assurance
This area comprises different aspects that enable the organisation to deliver its services to customers in a secure manner. In addition, it protects the organisation's systems from any vulnerability through which information could be compromised. The different entities related to this concept are mentioned below:
Information assurance methodologies: This denotes the practice of protecting against and managing the risks associated with the usage, storage and transmission of data (Lee et al., 2020). Information assurance is responsible for managing the following functions of the organisation's information systems and data:
Availability: This ensures that information is ready to be used, meaning that users can access it and the desired levels of performance can be attained.
Integrity: This ensures that data and the related systems can be accessed and altered only by authorised parties, and that no one else has permission to do so.
Authentication: This ensures that a user is who they claim to be; to achieve this, it is important to make use of parameters such as biometrics, passwords, security tokens and digital certificates to identify the individual.
Confidentiality: This is accountable for limiting access to information, such as the organisation's confidential information (Mahajan, 2020).
Non-repudiation: This ensures that an individual cannot deny certain actions, such as having sent or received a message, because the organisation holds relevant proof in its system that the action was performed.
These are the major functions ensured by information assurance in order to comply with the policies that have been formulated for securing the organisation's operations with respect to the information being accessed.
Incident management: An event that might lead to the disruption or loss of organisational functions, services or operations is defined as an incident. Incident management refers to the activities of an organisation that involve the identification, analysis and correction of hazards in order to prevent the recurrence of an event in future (Samtani et al., 2020). In this context, it becomes important for an organisation to precisely identify the aspects that have led to the creation of any vulnerability, so that if a similar situation develops in future it can be recognised beforehand and no negative impact is created on its operations. As per the ISO/IEC 27035 standard, the five processes involved in security incident management are illustrated below:
Preparation for dealing with incidents.
Identification of probable security incidents through monitoring, and reporting everything that has happened to the SOC so that it can identify potential incidents.
Assessment of the identified incidents to determine the adequate next steps that can be taken to mitigate the risk.
Response to the incident by containing, investigating and resolving it with reference to the previous point.
Documentation of the key takeaways from each incident that has occurred.
Audit assurance and review: In the context of software, this refers to the internal and external review of software programs to check their quality, adherence and progress. In terms of security, this includes checking whether the software is up to date, as outdated software might make the organisation's entire network vulnerable to attacks (Thomas et al., 2020). Network auditing is carried out by the SOC as a collective measure for analysing, studying and collecting information about the network in order to assure its health in line with the
needs of the organisation. The audit and review of the network will be conducted to ensure that all of the firm's requirements are being met adequately, without risk from vulnerabilities or viruses.
Business continuity planning and management: This document outlines the ways in which the business will operate through an unplanned disruption while delivering its services. It is very comprehensive, as it involves contingencies for business assets, processes and every aspect of the organisation that might be impacted. For instance, if an attack takes place within the network it will hamper the operations of each individual, either directly or indirectly; suppose identity theft occurs, then a customer cannot know whether they are sharing their information with an employee of the organisation or with an intruder, and the same goes for the firm (Wang and Jones, 2020). Thus, it becomes important for the firm's management to make sure that it is able to keep up with the evolution of technology by monitoring each activity that is carried out.
Disaster recovery plan
A documented and structured approach that describes the ways in which the firm can continue its functions after any unplanned incident is defined as a disaster recovery plan. With reference to the taxation management firm, the SOC has provided the following plan:
Establish an owner: This involves the expectation of protecting the business from cyber attacks; the organisation's IT department is accountable for monitoring and tracking the network. The SOC is engaged to protect the firm by holding all the details about incidents and the probability that they might occur.
Determine business representatives: This involves formulating plans that might impact the functioning of each department of the organisation. In this case the SOC has to take certain aspects into account: what access is given to whom, whether the software and documents are up to date, and brainstorming to understand the aspects that might lead to vulnerabilities (Berman et al., 2019).
Document risks: It is important that all of the organisation's risks are identified by means of brainstorming. This involves asking what will be done if servers are
compromised, what if the network is breached, and many more. These questions have to be addressed in order to mitigate the probability of the risks by formulating a relevant plan.
Specify tools and technologies: This covers the essentials through which the firm conducts its operations, such as payroll data, CRM and many others. It is the organisation's responsibility to know what information and software is used by whom within the working premises.
Back up: It is important that backups are created, but where they are kept is foremost: a backup held on the same system that is compromised will not serve the purpose, as it is of no use. Thus, the taxation management firm must make use of cloud services; the organisation has taken certain measures of its own, and cloud service providers similarly take theirs, which in turn makes the information more secure (Corallo, Lazoi and Lezzi, 2020).
Formulate a communication plan: When a disaster takes place out of hours it is important that each employee is notified about it, as an intruder could make use of identity theft to obtain further details from an employee. The other aspects comprise the ways in which customers and vendors can be notified, and how functions can be carried out from remote locations.
Response summary
The organised approach undertaken to address and manage security breaches is defined as incident response. It covers the way in which the consequences of an incident that has occurred are dealt with. The steps that can be taken up by the taxation management organisation are mentioned below:
Preparation: It is critical that a plan for security breaches is formulated, as this enables the development of policies, the provision of access control and communication.
Identification: Here, the SOC identifies incidents and formulates a quick response to them, which in turn reduces the cost and the damage caused. Passwords must be changed regularly, and information about events must be gathered by means of monitoring tools, intrusion detection, firewalls and log files in order to identify the potential scope (Gunduz and Das, 2020).
Containment: When an incident is detected, the firm's priority must be to limit the damage being caused. For instance, a virus might attack the taxation firm and hamper its operations. To protect the systems, short-term as well as long-term containment must be formulated for dealing with attacks.
Elimination: This comprises eradicating the threat and restoring the systems that have been infected by the attack. Servers can be formatted so that the risk of malware or viruses spreading is prevented. Furthermore, the SOC needs to check that the software used by the organisation is up to date so that the probability of future attacks is minimised (Li et al., 2019). Access to applications and information must be restricted according to the employee's role.
Recovery: It is important that systems are monitored, tested and validated to ensure that they are not affected again. This is a crucial step that must be considered to ensure that the firm is able to deliver its services to the desired standards.
Lessons learned: This involves the team educating itself about the way it responded to the attack and the way it could have been done. This enables the taxation organisation to update its incident response plan accordingly.
Apart from all this, it is important that a checklist is developed for responding to the different situations that might occur while delivering services within the marketplace. This checklist must include risk assessment, identifying stakeholders, defining security incidents, inventorying resources, planning data flow and developing an incident event log.
Conclusion
From the above it can be concluded that, while delivering operations within the market, it is important that appropriate security measures are taken up by the firm so that its functions are not hampered. It is important that relevant measures are taken for identifying and dealing with the different security aspects, as well as for preventing the firm's information from being compromised by cyber attacks or incidents.
References
Books and Journals
Berman, D.S. et al., 2019. A survey of deep learning methods for cyber security. Information, 10(4), p.122.
Corallo, A., Lazoi, M. and Lezzi, M., 2020. Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts. Computers in Industry, 114, p.103165.
David, D.P., Keupp, M.M. and Mermoud, A., 2020. Knowledge absorption for cyber-security: The role of human beliefs. Computers in Human Behavior, p.106255.
Gunduz, M.Z. and Das, R., 2020. Cyber-security on smart grid: Threats and potential solutions. Computer Networks, 169, p.107094.
Kwak, Y. et al., 2020. Why Do Users Not Report Spear Phishing Emails? Telematics and Informatics, p.101343.
Lee, J.K. et al., 2020. Reconciliation of privacy with preventive Cybersecurity: The bright internet approach. Information Systems Frontiers, 22(1), pp.45-57.
Li, L. et al., 2019. Investigating the impact of cybersecurity policy awareness on employees' cybersecurity behavior. International Journal of Information Management, 45, pp.13-24.
Mahajan, S., 2020. Automotive Cyber Security Market: Industry Analysis and Forecast Till 2026.
Samtani, S. et al., 2020. Cybersecurity as an Industry: A Cyber Threat Intelligence Perspective. The Palgrave Handbook of International Cybercrime and Cyberdeviance, pp.135-154.
Thomas, B. et al., FireEye Inc, 2020. Dynamic adaptive defense for cyber-security threats. U.S. Patent 10,616,265.
Wang, L. and Jones, R., 2020. Big Data Analytics in Cyber Security: Network Traffic and Attacks. Journal of Computer Information Systems, pp.1-8.