JOCERT SERVICES
A Security Operations Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
A SOC acts like the hub or central command post, taking in telemetry from across an organization’s IT infrastructure, including its networks, devices, appliances, and information stores, wherever those assets reside. The proliferation of advanced threats places a premium on collecting context from diverse sources. Essentially, the SOC is the correlation point for every event logged within the organization that is being monitored. For each of these events, the SOC must decide how it will be managed and acted upon.
Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Ideally, incident response activities are conducted by an organization’s computer security incident response team (CSIRT), a group that has been previously selected to include information security and general IT staff as well as C-suite level members. The team may also include representatives from the legal, human resources and public relations departments. The incident response team follows the organization’s incident response plan (IRP), which is a set of written instructions that outline the organization’s response to network events, security incidents and confirmed breaches.
Incident response is about making and having a flight plan before it is necessary. Rather than being an IT-centric process, it is an overall business function that helps ensure an organization can make quick decisions with reliable information. Not only are technical staff from the IT and security departments involved, so too are representatives from other core aspects of the business.
Digital forensic science is a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime. The term digital forensics was first used as a synonym for computer forensics. Since then, it has expanded to cover the investigation of any device that can store digital data. Although the first computer crime was reported in 1978, followed by the Florida Computer Crimes Act, it wasn’t until the 1990s that it became a recognized term. It was only in the early 21st century that national policies on digital forensics emerged.
Digital forensics is the process of identifying, preserving, analyzing, and documenting digital evidence. This is done in order to present evidence in a court of law when required.
A vulnerability scanner is an application that identifies and creates an inventory of all systems connected to a network. For each device that it identifies, it also attempts to identify the operating system that is running and the software installed on it, along with other attributes such as open ports and user accounts.
After building up an inventory, the vulnerability scanner checks each item in the inventory against one or more databases of known vulnerabilities. The result is a list of all the systems found and identified on the network, highlighting any that have known vulnerabilities and need attention.
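As an added illustration (not JOCERT's own tooling) of the correlation step described above, the Python sketch below matches a constructed host inventory against a constructed knowledge base of known-vulnerable versions and flags the hosts that need attention. All product names, version numbers and VULN-EXAMPLE identifiers are placeholders; the version parser also shows why versions must be compared numerically rather than as strings.

```python
"""Inventory-to-known-vulnerability correlation on constructed data (added example)."""
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.4.49' into (2, 4, 49) so '8.10' sorts above '8.9' (string compare gets it wrong)."""
    return tuple(int(p) for p in v.split("."))


# Constructed knowledge base: product -> [(placeholder vuln id, first fixed version)].
# These are not real advisory numbers or real products.
KNOWN_VULNS: Dict[str, List[Tuple[str, str]]] = {
    "webserver":    [("VULN-EXAMPLE-001", "2.4.50")],
    "remote-shell": [("VULN-EXAMPLE-002", "8.5")],
    "db-engine":    [("VULN-EXAMPLE-003", "3.36.0")],
}

# Constructed inventory, as a scanner would build it: host -> OS, open ports, software.
INVENTORY = {
    "web-01": {"os": "Linux", "ports": [22, 80, 443],
               "software": {"webserver": "2.4.49", "remote-shell": "8.2"}},
    "db-01":  {"os": "Linux", "ports": [22, 5432],
               "software": {"remote-shell": "8.7", "db-engine": "3.34.1"}},
    "kiosk":  {"os": "Windows", "ports": [3389],
               "software": {"db-engine": "3.37.2"}},
}


def find_vulnerable(inventory, known=KNOWN_VULNS) -> Dict[str, List[str]]:
    """Return {host: [finding, ...]} for every host running software below its fixed version."""
    findings: Dict[str, List[str]] = {}
    for host, attrs in inventory.items():
        for product, version in attrs["software"].items():
            for vuln_id, fixed_in in known.get(product, []):
                if parse_version(version) < parse_version(fixed_in):
                    findings.setdefault(host, []).append(
                        f"{vuln_id}: {product} {version} (fixed in {fixed_in})")
    return findings


if __name__ == "__main__":
    results = find_vulnerable(INVENTORY)
    for host, attrs in INVENTORY.items():
        hits = results.get(host, [])
        print(f"{host} [{attrs['os']}, ports {attrs['ports']}] -> "
              f"{'NEEDS ATTENTION' if hits else 'no known issues'}")
        for line in hits:
            print("   ", line)
```

Hosts with no findings still appear in the report, because the inventory itself is part of the scanner's output.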
