Forty-two percent of security professionals are concerned with their organisation’s inability to secure physical spaces, according to the Ponemon Institute. That’s not surprising. Buildings, sites, plants and equipment, materials, and other physical assets tend to be large-scale, creating a larger physical environment to secure. What, then, is to be done if your organisation finds it difficult to protect physical assets and people, and to coordinate speedy responses? The answer is clear: build a robust Security Operations Centre to improve your operational security posture.
What’s a Security Operations Centre, exactly? Definitions vary. Broadly speaking, though, a Security Operations Centre provides a platform for detecting and reacting to security incidents.
The Security Operations Centre itself is a facility (physical, virtual, or hybrid) that houses an organised, highly skilled security team. That team relies on operational security management software and well-honed processes to achieve top-line security objectives.
The security team responsible for carrying out the Security Operations Centre’s core mission usually includes the SOC manager who heads up operations, engineers, and security analysts. That team will also work closely with the organisation’s Crisis, Emergency Management, and Business Continuity teams to coordinate responses to physical security incidents that become critical events.
The primary duties the team discharges include regularly monitoring and analysing the organisation’s operational security posture. More specifically, the Security Operations Centre team detects, investigates, responds to, and reports on security incidents.
It’s important to note that the Security Operations Centre is an operational unit. That means it’s not responsible for developing security strategy.
In essence, the Security Operations Centre works continuously to manage risks and threats. Of course, those responsibilities don’t cease when the office closes down. And that’s why most Security Operations Centres are open around the clock.
This kind of setup offers a key benefit in terms of centralising security arrangements. It’s clear that advanced equipment and technology alone aren’t enough to achieve operational security goals. If they were, physical security incidents would have declined as security procurement went up. Instead, mitigating risks and improving incident preparedness and response call for a security apparatus specifically dedicated to preventing damage, theft, and intrusions, as well as protecting people.
And that’s precisely what Security Operations Centres do so well. They consolidate security expertise and reporting into one centralised location.
Security Operations Centres receive physical security data from the field to furnish a real-time picture of security threats and vulnerabilities. This centralising approach cuts down on the siloing characteristic of security incident management in most large enterprises.
Instead, the Security Operations Centre delivers noticeable gains in visibility, increasing situational awareness of security incidents. Also, when it comes to those security incidents, a Security Operations Centre will help communicate to and interface with other parts of the business that need to be on high alert if a security breach does occur, e.g., Legal and PR.
Another thing: recently, lawmakers and regulators have mandated aggressive security measures, especially in critical infrastructure sectors. A robust Security Operations Centre might go a long way towards ensuring compliance with those mandates, as well as easing any reputational damage that might come following a physical security incident.
Despite the benefits, Security Operations Centre adoption isn’t universal. In fact, 48 percent of companies still don’t have a Security Operations Centre, according to EY’s Global Information Security Survey, 2017-2018.
What’s going on here? Well, for starters, upfront capital costs for furnishing a Security Operations Centre can be considerable. On balance, though, that financial investment pays for itself in the lower incidence of security mishaps down the line.
There’s also the complexity of conforming with multiple regulations (external as well as internal) as organisations build out their Security Operations Centre. Lastly, qualified security analysts can be hard to come by.
Overcoming those challenges won’t be a walk in the park. But they are surmountable with the right practices.
As mentioned, security strategy doesn’t come out of the Security Operations Centre. However, the aims of the Security Operations Centre should be consonant with those of the organisation’s overall operational security strategy – we’ve provided some examples below.
In other words, for the Security Operations Centre to be successful, it must address specific, clearly defined company (and customer) needs. It should also scale to the organisation’s footprint.
C-suite sponsorship of the Security Operations Centre helps in this regard. Though focused on operational security, the Security Operations Centre is a cross-functional operation. Typically, only senior executives can ensure that business-specific goals from various departments are incorporated into the Security Operations Centre’s mission, and that the Security Operations Centre gets the necessary visibility across a defendable perimeter, whether that perimeter consists of doors, walls, or other physical barriers.
Context-aware threat intelligence helps here. A Security Operations Centre that first undertakes a detailed site vulnerability assessment is far more likely to be successful than one that doesn’t.
The vulnerability assessment will help Security Operations Centre staff discover gaps in need of greater focus (and protection). The vulnerability assessment will also give the organisation at large more granular knowledge of the site layout and of how employees act within the physical environment.
Further, the vulnerability assessment games out the impact of potential security incidents and their possible effects on security personnel and process operators. Those potential impacts, in turn, help determine your operational security requirements. Those requirements might include:
To be sure, those requirements should be part of the organisation’s incident response framework, which the Security Operations Centre plays a key role in executing.
What’s more, the most effective Security Operations Centres are governed by established, rigorous processes. Their staff engage in continuous training that keeps pace with the evolving threat picture.
The Security Operations Centre is one component of a best-practice operational security management program. Here are some of the other best practices for planning and managing your operational security resources.
Source: Department of Homeland Security
Simply building and staffing a Security Operations Centre doesn’t ensure zero physical security incidents. Organisations will still need to take a best-practice approach to operational security management, committing to constant training, developing rigorous processes, implementing standards, and procuring the right integrated risk management and operational security management technology.
Security Operations Centre operators, in particular, often have to manage multiple technology sets at once. But there’s a means of easing the burden. Operational security management software not only keeps operations secure but also keeps the Security Operations Centre humming along. Just look for the following features when procuring:
That’s not all, though. Looking for the right operational security management software solution? Download our Buyer's Guide to Security Management Software, which takes you through all of the capabilities you’ll need to reduce security incidents and keep people and assets safe.
Published May 19, 2021