Security Operation Centre: CIO Reporting Benefits and Case Studies

Verified

Added on 2023/06/15

AI Summary

This report provides a detailed overview of Security Operations Centres (SOCs), emphasizing their role in managing organizational security at technical and organizational levels. It discusses the reporting structure of a SOC, arguing for the importance of reporting to the Chief Information Officer (CIO) rather than the Chief Information Security Officer (CISO). The report highlights the responsibilities of both roles and justifies the CIO's oversight due to their broader control over IT infrastructure and assets. Case studies of IBM and Microsoft are included, illustrating how these organizations utilize SOCs and their reporting structures to maintain security. Furthermore, the report outlines the advantages of SOCs reporting to CIOs, including improved information analysis, security monitoring, issue management, and cyber security response. The conclusion reinforces the significance of SOCs in modern organizations and summarizes the benefits of aligning them under the CIO's supervision.

Running head: SECURITY OPERATION CENTRE
Security Operation Centre
Name of the Student
Name of the University
Author’s Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
SECURITY OPERATION CENTRE
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
CISO or CIO..........................................................................................................................2
IBM Security..........................................................................................................................3
Microsoft Security..................................................................................................................4
Advantages of SOC reported to CIO.....................................................................................4
Conclusion..................................................................................................................................5
References..................................................................................................................................6

2
SECURITY OPERATION CENTRE
Introduction
A SOC or a security operations centre is a specific centralized unit, which eventually
helps to deal with any type of problem or issue in terms of security in all the technical or
organizational levels. This particular security operations centre is any centralized location,
which allows the employees or the staffs to supervise the site by utilizing the technology of
data processing (Bhatt, Manadhata & Zomlot, 2014). The main work of a security operations
centre is to monitor the access and manage or control of the alarms, lighting and all the
barriers of vehicles. The information security operations centre of any particular organization
is the specific site where the systems like networks, databases, applications and many more
are closely accessed and monitored.
The following report provides a brief description about the security operations centre
or SOC with significant details. This report helps to understand where the security operations
centre should report to, CIO or CISO (Easttom II, 2016). Moreover, two high profile
organizations, which have security operations centres, are also being described here. The
important benefits or advantages of SOC reporting to CIO are also discussed in this report.
Discussion
CISO or CIO
CISO or the chief information security officer is a particular senior level executive of
any organization, whose main job is to establish and maintain the strategies, vision and the
program of an enterprise. This is mainly done for ensuring that all the assets and the
technologies related to information are properly protected (Chandran et al., 2014). The chief
information security officer provides direction to staffs in the successful identification,
development, implementation and maintenance of processes within the organization for the

3
SECURITY OPERATION CENTRE
purpose of reduction of risks related to information and information technology. The major
responsibilities of a CISO include cyber security, disaster recovery, information privacy and
many more (Zope, Vidhate & Harale, 2013). The security operations centre is not reported by
a CISO, as it is a centralized location for overall security of the organization.
A CIO or chief information officer of any organization is the most senior level
executive who controls and manages the entire information technology and the computer
systems for achieving organizational goals and objectives (Zhu, 2015). The responsibilities of
a chief information officer mainly include observing the entire security operations centre of
an organization, purchasing and selling off an information technology asset, fulfilling the role
of a business leader and many more. He or she is the most important person related to
information technology as all the IT related tasks are monitored by him or her (Kirchner &
Dominguez, 2013). The security operations centre or SOC is solely monitored and reported to
the CIO of any particular organization.
IBM Security
IBM is one of the most popular and recognized multinational technology
organizations of the United States of America that has its headquarters in New York
(Enterprise Security | IBM Security., 2018). Founded in the year of 1911, IBM is considered
as one of the most significant organizations in all of the world in terms of technology and
security. As this organization mainly deals with software and technology related assets,
security is the first and the foremost concern for the employees. This company has the most
unique security operations centre that can be operated from any part of the world completely
automatically (Enterprise Security | IBM Security., 2018). The SOC of the organization
report to the CIO and thus the security is maintained properly and perfectly.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
SECURITY OPERATION CENTRE
Microsoft Security
Microsoft Corporation is again one of the most popular multinational technology
companies of the United States of America that has its headquarters in Redmond, Washington
(Global Security., 2018). This organization manufactures, develops and sells all types of
computer software, computer systems and services. The best product of this particular
organization is the operating system of Microsoft Windows. The other popular software
products and services include the Internet Explorer and Microsoft Office Suite. Since, most
of the products of this organization are software based, security is extremely high (Global
Security., 2018). The SOC or the security operations centre of Microsoft Corporation report
directly to the chief information officer of the company and the security of the products is
maintained.
Advantages of SOC reported to CIO
The security operations centre or SOC of any particular organization is directly
reported to the chief information officer or CIO (Zope, Vidhate & Harale, 2013). The major
or the most important advantages of security operations centre reported to a chief information
officer are as follows:
i) Proper Analysis of Information: The information of the organization or technology
is properly analyzed with the help of SOC by the chief information officer.
ii) Monitoring of Security: The security operations centre of any organization
monitors the security of the databases, networks, applications, servers and many more
(Easttom II, 2016). The CIO of the company properly checks this.
iii) Ensuring Security Issues: The problems or the issues related to the security
system are solely managed by the security operations centre.

5
SECURITY OPERATION CENTRE
iv) Responding to Cyber Security: This is another important advantage of SOC
reported to CIO (Chandran et al., 2014). The cyber security is properly responded and noted
by the CIO of a company.
Conclusion
Therefore, it can be concluded that all types of high profile organizations utilize
security operations centres for their business security. A security operations centre or a SOC
is any particular centralized element, which ultimately helps in dealing with all kinds of
problems or issues according to security in each and every technical level or organizational
level. This specific security operations centre is any particular centralized location that
enables an employee or a staff for supervising the site by simply using the basic technology
of processing of data. The major task of any SOC or security operations centre is to manage
or control of the alarms, lighting and all the barriers of vehicles and to monitor the access.
The information security operations centre of a specific company is the particular site where
all the systems such as applications, networks, databases and many more are solely monitored
and accessed. The above report has given a significant discussion on the security operations
centre. The report has further described about the advantages of security operations centre
when it is reported to the CIO. Examples of two high profile organizations, namely IBM and
Microsoft are further given in this particular report.

6
SECURITY OPERATION CENTRE
References
Bhatt, S., Manadhata, P. K., & Zomlot, L. (2014). The operational role of security
information and event management systems. IEEE security & Privacy, 12(5), 35-41.
Retrieved 18 February 2018, from
https://www.researchgate.net/profile/Loai_Zomlot/publication/273394505_The_Oper
ational_Role_of_Security_Information_and_Event_Management_Systems/links/
55aed64e08ae98e661a6f259/The-Operational-Role-of-Security-Information-and-
Event-Management-Systems.pdf
Chandran, S., Case, J., Truong, T., Zomlot, L., & Hoffmann, M. (2014). A Tale of Three
Security Operation Centers. Retrieved 18 February 2018, from
http://people.cs.ksu.edu/~sathya/papers/siw14.pdf
Easttom II, W. C. (2016). Computer security fundamentals. Pearson IT Certification.
Retrieved 18 February 2018, from
http://iran-lms.com/Docs/pdf/Books/Computer.Security.Fundamentals.2nd.Edition.De
c.2011.pdf
Enterprise Security | IBM Security. (2018). Ibm.com. Retrieved 16 February 2018, from
https://www.ibm.com/security
Global Security. (2018). Microsoft.com. Retrieved 16 February 2018, from
https://www.microsoft.com/en-us/globalsecurity
Kirchner, E. J., & Dominguez, R. (Eds.). (2013). The security governance of regional
organizations (Vol. 58). Routledge. Retrieved 18 February 2018, from
https://books.google.co.in/books?hl=en&lr=&id=B0_-8ynVB-
oC&oi=fnd&pg=PP2&dq=Kirchner,+E.+J.,+%26+Dominguez,+R.+(Eds.).+(2013).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
SECURITY OPERATION CENTRE
+The+security+governance+of+regional+organizations+(Vol.+58).
+Routledge.&ots=0Jf4YNyBek&sig=FIojfpaBtHrdsSg5mLdpcR3HdiA&redir_esc=y
#v=onepage&q&f=false
Zhu, J. (2015). Optimization of power system operation (Vol. 47). John Wiley & Sons.
Retrieved 18 February 2018, from https://books.google.co.in/books?
hl=en&lr=&id=fH5sBgAAQBAJ&oi=fnd&pg=PA297&dq=Zhu,+J.+(2015).
+Optimization+of+power+system+operation+(Vol.+47).+John+Wiley+%26+Sons.
+&ots=08PSrFISAC&sig=RligVpC894kk04VxDw0ZQYUgJJI&redir_esc=y#v=onep
age&q&f=false
Zope, A. R., Vidhate, A., & Harale, N. (2013). Data Mining approach in security information
and event management. International Journal of Future Computer and
Communication, 2(2), 80. Retrieved 18 February 2018, from
https://pdfs.semanticscholar.org/a5f3/0d2d7a634a106906aaf07d1bbb144e705ae8.pdf