CSIRT and SOC services
The role of Cybersecurity Incident Response Team (CSIRT) or Security Operations Centre (SOC)
Cyber-attacks to digital infrastructure and assets are globally among the top risks as indicated in The Global Risks Report 2021. Despite various efforts to mitigate, the likelihood of cyber-attacks is continuously increasing not only for private organisations, but also for governments, sectors and even nations:
- Are the digital assets of an organisation, government sector or a nation secure?
- Is an organisation, government sector or a nation able to timely detect and respond to cyber incidents?
- How to ensure and preserve confidentiality, integrity, and availability of digital information?
These and related questions arise after facing critical incidents, like leakage of confidential data or a shutdown critical infrastructure facility due to Advanced Persistent Threat (APT) or denial of service attacks.
Our process for CSIRT or SOC establishment
The typical NRD Cyber Security baseline for CSIRT or SOC establishment is:
- Performing initial assessment
- Preparation of a detailed CSIRT or SOC design and implementation plan
- Preparation (review) of CSIRT or SOC mandate
- Preparation of technical solutions architecture along with identification and proposal of alternatives for most suitable components
- Preparation of essential policies and procedures
- Implementation of technology solutions
- Training sessions for staff
- Soft launch
- Update and upgrade of security operations
- Official launch
- Continuous support after the launch
Depending on the assignment, first actionable results usually come within the 4 months.
Company experts continuously engage in cybersecurity projects in private sector, academia, and military. NRD Cyber Security is a member of various international organisations, like GFCE, ITU-D, ECSO, FIRST.Org, and Trusted Introducer.
The quality of security operations increases through the following:
Maturity: Moving from ad-hoc to well-defined and mature models of operation of CSIRT or SOC which ensures fewer errors and inefficiencies.
Clear service model: Defined roles, responsibilities, and competences as well as incident categorisation, communication, and management practices enable maximal incident prevention and minimal impact.
Mandate: All resources (people, technology, processes) are clearly connected to the mandate and created value via service and process KPIs.
Flexible set-up: CSIRT or SOC composition and clear KPIs allow cost-effective insourcing and outsourcing of additional capabilities when needed.
Security operational risks are reduced due to:
Speed: Faster incident identification, analysis, resolution, and mitigation due to clear and effective service processes.
Clear reporting: The CSIRT or SOC model ensures that all constituents understand clearly how to report the incidents.
Trust: The reputation of a professional CSIRT or SOC and working with various local and international communities ensures much better formal and informal communications regarding incident handling.
