E-CMIRC: Towards a model for the integration of services between SOCs and CSIRTs

Pierre Jacobs, Sebastiaan Von Solms, Marthie Grobler

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

6 Citations (Scopus)

Abstract

Security Operations Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs) can play a pivotal role in the monitoring of, and response to, threats, attacks and vulnerabilities in organisations, including governments. While the focus of a SOC is on monitoring technical security controls and critical assets and responding to attacks and threats, a CSIRT's main focus is on response and incident management. One postulation is that a CSIRT or CERT is a highly specialised sub-capability of a SOC; another is that a SOC serves as an input mechanism into CSIRTs and CERTs. In this paper, the differences between SOCs, CERTs and CSIRTs are established, and synergies between them are defined. This leads to an integrated services model for the establishment of an initial SOC and CSIRT capability in developing countries. Developing countries face unique cybersecurity challenges: Information and Communication Technology (ICT) infrastructure is often lacking, and so are ICT funding and skills. Political instability could also influence the cybersecurity posture of developing countries by leaving them open to malicious state-sponsored attacks. This combined SOC and CSIRT capability is made viable through the savings in cost and resources obtained by identifying overlapping services, and through the application of the proposed model. This emergent combined SOC and CSIRT capability is called the Embryonic Cyberdefense Monitoring and Incident Response Center (E-CMIRC). The purpose of this paper is to identify a high-level integrated services model for the E-CMIRC in order to reduce the cost and resources that serve as barriers to entry in developing countries.
A scalable operational framework is identified, and, for the management of effectiveness and efficiency and to ensure that all aspects of service delivery are considered, the Information Technology Infrastructure Library (ITIL) is proposed.

Original language: English
Title of host publication: Proceedings of the 15th European Conference on Cyber Warfare and Security, ECCWS 2016
Editors: Robert Koch, Gabi Dreo Rodosek
Publisher: Curran Associates Inc.
Pages: 350-360
Number of pages: 11
ISBN (Electronic): 9781910810934
Publication status: Published - 2016
Event: 15th European Conference on Cyber Warfare and Security, ECCWS 2016 - Munich, Germany
Duration: 7 Jul 2016 to 8 Jul 2016

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
Volume: 2016-January
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610

Conference

Conference: 15th European Conference on Cyber Warfare and Security, ECCWS 2016
Country/Territory: Germany
City: Munich
Period: 7/07/16 to 8/07/16

Keywords

  • CSIRTs
  • Developing countries
  • SOCs
  • Security
  • Service integration

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
