
What is the SOC and why is it important?
This booklet provides a brief overview of the 11 Strategies of a World-Class Cybersecurity Operations Center. It offers a window into the 11 strategies discussed in the book, with the hope that the reader will be enticed to download the freely available full version of the book or to acquire the e-book or a print version.
Ensuring the confidentiality, integrity, and availability of the modern digital enterprise is a big job. It encompasses many parallel and related efforts, from robust systems engineering to effective cybersecurity policy and comprehensive workforce training.
One essential element is cybersecurity operations: monitoring, detecting, analyzing, responding, and recovering from all measures of cyber attack. The operational focal point for incident detection, analysis, and response is the cybersecurity operations center (CSOC, or simply SOC).
Who is this book for?
If you are part of, support, frequently work with, manage, or are trying to stand up a SOC, this book is for you. Its audience includes SOC managers, technical leads, engineers, and analysts. Portions of 11 Strategies can also be used as a reference by those who interface with SOCs on a routine basis to better understand and support security operations. Students and individuals transitioning into cybersecurity operations from other fields may also find it useful.
SOC Fundamentals
The operational focal point for incident detection, analysis, and response is the cybersecurity operations center (CSOC, or simply SOC). A SOC satisfies the constituency’s cyber monitoring and defense needs by performing a set of functions for its constituency.

- SOCs accomplish their mission in large part by being purveyors and curators of copious amounts of security-relevant data.
- They must be able to collect and understand the right data at the right time in the right context.
- Virtually every mature SOC employs several different technologies, along with automation processes, to generate, collect, enrich, analyze, store, and present tremendous amounts of security-relevant data to SOC members.


- STRATEGY 1: ? Know What You Are Protecting and Why
- STRATEGY 2: ? Give the SOC the Authority to Do Its Job
- STRATEGY 3: ? Build a SOC Structure to Match Your Organizational Needs
- STRATEGY 4: ? Hire and Grow Quality Staff
- STRATEGY 5: ? Prioritize Incident Response
- STRATEGY 6: ? Illuminate Adversaries with Cyber Threat Intelligence
- STRATEGY 7: ? Select and Collect the Right Data
- STRATEGY 8: ? Leverage Tools to Support Analyst Workflow
- STRATEGY 9: ? Communicate Clearly, Collaborate Often, Share Generously
- STRATEGY 10: ? Measure Performance to Improve Performance
- STRATEGY 11: ? Turn up the Volume by Expanding SOC Functionality