People First, Performance Now Ministry of Science, Technology and Innovation
Setting up a Security Operations Center (SOC): A step by step approach - PowerPoint PPT Presentation
Abdul Rahman Mohamed, VP, IT Strategy, Risk & Delivery, Group IT, Malaysia Airlines
My apologies… I am standing between you and home sweet home. I'll be on time.
About the speaker…
- 19 years of experience
- Was CISSP and CISM
- Oil and Gas, Banking and Consultancy
- IT Strategy & Transformation, Governance, Risk & Security, IT Service Delivery, Project Management
We are here to share our experience…
- In setting up an internal SoC, as well as its journey and evolution
- Its value to our business
- The lessons learned
- DISCLAIMER: It works for us.
Allow me to introduce the Air Travel Industry….
The airline industry is glamorous, and a quick way to lose money…
"How do you become a millionaire? First, become a billionaire, then you run an airline." – Sir Richard Branson
Group IT is the enabler and IT partner of THE PREFERRED PREMIUM CARRIER…
Group IT at a glance (figures per December 2011):
- 2 + 6 data centers (incl. MHNet, SITA, Enrich)
- 56 applications
- 16K IT devices
- 14-15 million passengers per annum (2010/11)
- Over 90 stations (MW, FY, MH)
- 45 FTEs
- Over 12 key IT partners (out of 84)
- 20K staff
[Route map of stations across Europe, Asia, Australia and Africa, centred on KUALA LUMPUR]
Let's get to the actual presentation
The steps that we took in establishing the SoC….
- Find the right resources
- Find the business value of your SoC
- Get the sponsors and know your stakeholders
- Begin with the end in mind
- Start small
- Leverage
- Can pause but keep evolving
- "Marketecture"
Step 1: In any endeavour, we have to have the right resources for the job, meeting the following criteria:
"Committed to Integrity; Committed to Performance and Committed to Change." – Jeff Immelt, CEO, GE
"There is no such thing as an IT project, there is only a business project." – Paul Coby, Ex CIO, British Airways
"Else… you 'syok sendiri' (are just pleasing yourself)." – Abdul Rahman Mohamed, Future CIO
Step 2: We established the SoC for the airline business….
- Alignment with corporate strategies and the Business Transformation Plan (BTP2):
  - No compromise on safety and security
  - Serve Customer, Make Money, Save Money
- Compliance with regulatory requirements (local and international), e.g. Anti-Trust/Competition Law, Data Privacy, PCI, National Cyber Security Policy (NCSP)
- Increase in IT outsourcing activity and the need for near real-time transparency
Step 3: The project was actually owned by Corporate Security but funded by IT….
Organization chart (as shown on the slide):
- Board Safety and Security Committee
- Management Committee
- Group IT:
  - IT Strategy & Governance
  - IT Service Delivery
  - Info/IT Services
  - Information Risk & Security: Risk Mgmt, Security Operations, Business Assurance
    - IT Security Operations
    - Security Assurance Control Center (SACC)
  - Strategic IT Outsourcing (SITO)
- CSSHE (Corporate Safety, Security, Health & Environment):
  - Corporate Security: Corp. Security Governance, Corp. Security Operations
  - Corp. Risk Advisory Services: Corp. Security, Corp. Risk & Governance
  - Audit & Business Advisory
There are external stakeholders as well….
[Same organization chart as above]
Step 4: Once we established the business justification, we envisioned the end in mind….
This is half of your journey….
We started our journey with a 5 year vision….
- PHASE 1: Assurance and visibility to Business
- PHASE 2: Integration to Business
- PHASE 3: Optimized for Stakeholders' Confidence in IT Controls
- PHASE 4: Integration to Corporate GRC
Roadmap items by layer (listed in roadmap order):
- Policy:
  - Corp Info Security Policy
  - Policy alignment; link with Corp Security
  - Comprehensive view; link dashboard to external/service provider
  - Integrate with corporate GRC framework
- Process / Technology:
  - IT Compliance Mgmt
  - Security Incident & Event Mgmt
  - Threat & Vulnerability Mgmt
  - Assurance testing
  - IT Assets Mgmt
  - Link with Corp Security dashboard
  - Information Security Dashboard
  - IT Risk Management
  - Content Security Services
  - Service Provider assessment
  - Info Leakage Prevention
  - Digital Rights Mgmt
  - Identity & Access Mgmt
  - Info Retention & e-Discovery
- People:
  - Awareness: classroom, handbook, video
  - E-Awareness portal
  - Certification
- Results / Benefits:
  - Transparency
  - Visibility
  - Information Security visible at Corp. Security business objectives
  - Assurance of control effectiveness
  - Integration with corporate security
  - Integration of security processes and technology
  - Obtain stakeholders' confidence
In reality, not everything goes as planned…. But stick to it.
Step 5: We started small and called our SoC the Security Assurance Control Center (SACC), using "subscription on-site".
Security Assurance Control Center service catalogue:
- Assurance Monitoring (subscription): Policy Compliance; Threat & Vulnerability Management; Security Event Management; Incident Response; Reporting & Dashboard
- Assurance Testing (schedule of tests): Internal & External Penetration test; Network Services Attestation; Web Application code assurance; Social Engineering Drill; Station IT Security Posture
- Unplanned Assurance (schedule of price agreement, by man-day rate): Additional Device for Monitoring; Additional Testing Services; Forensic services; Other security services
We did not own the tools, licences, resources or servers. We owned only the information and the results.
Assurance monitoring ensures compliance and that all critical devices at HQ and stations are sufficiently protected.
- Assurance Monitoring: Policy Compliance; Threat & Vulnerability Management; Security Event Management; Incident Response; Reporting & Dashboard
- Supported by the IT Helpdesk and the Threat Mgmt Center
Assurance testing is to provide the security view from the perpetrator's side for security improvements.
- Assurance Testing (schedule of tests, carried out by testers): Internal & External Penetration test; Network Services Attestation; Web Application code assurance; Social Engineering Drill; Station IT Security Posture
Step 6: We also leverage others' capabilities, locally…
MoU between Malaysia Airlines and CyberSecurity Malaysia
We also leverage others' capabilities, internationally.
MoU between Malaysia Airlines and Tata Consultancy Services
Step 7: As mentioned earlier, we did pause for certain capabilities, but we continue to evolve into the IT Control Tower.
IT Control Tower builds on the Security Assurance Control Center (Assurance Monitoring, Assurance Testing and Unplanned Assurance, as above) and adds:
- RealITy Dashboard
- Reports
- Support Teams (ESM Team, Mail Team, Security Team and other support teams)
- All Vendors
IT Control Tower uses more comprehensive tools which focus on end-to-end IT services, including Security and Compliance.
Step 8: Talking the walk is equally important to walking the talk… We need to "marketecture".
- We communicate our findings to:
  - Board Safety and Security Committee - quarterly
  - Accountable Managers Meeting - quarterly
  - IT Management - monthly
- Participate in cyber drills with MKN and CyberSecurity Malaysia
- Repelled targeted attacks on Malaysia Airlines on 1 July 2012 (16 hours)
- Visits from fellow GLCs and Government agencies
IT Security Index dashboard (status based on the July 2012 report):
- IT Security Index: Overall - Low
- Global Threat and Vulnerability: Overall - Low
- Virus Protection Index: Overall VPI - 98.93 %
- SPAM Filtering Index: Overall SFI - 81.6 %
- IT Security Policy Compliance: Overall IT SPC - 87.81 %
- IT Security Incidents: Overall - Medium
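As an added example (not code from the presentation, nor from Malaysia Airlines' SACC or IT Control Tower), the following Python sketch shows how a station-level posture roll-up of the kind the assurance-monitoring service produces could feed dashboard indices like the VPI and IT SPC figures above. The device records, the four policy checks, the signature-age threshold and the Low/Medium/High bands are all assumptions made for the illustration.

```python
# Added illustration, not code from the presentation: a minimal
# "station IT security posture" roll-up that turns per-device checks into
# dashboard indices of the kind shown above (a Virus Protection Index and an
# IT Security Policy Compliance figure, each with a Low/Medium/High rating).
# Device records, policy rules, thresholds and rating bands are all assumptions.
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Device:
    station: str                  # station code (constructed)
    hostname: str
    av_signature_date: date       # last anti-virus signature update
    missing_critical_patches: int
    local_admin_accounts: int
    host_firewall_enabled: bool


REPORT_DATE = date(2012, 7, 31)   # assumed cut-off for a "July 2012" report
MAX_SIGNATURE_AGE_DAYS = 3        # assumed policy: signatures no older than 3 days


def virus_protected(d: Device, as_of: date = REPORT_DATE) -> bool:
    """A device counts as protected when its AV signatures are fresh enough."""
    return (as_of - d.av_signature_date).days <= MAX_SIGNATURE_AGE_DAYS


# Assumed policy checks; each returns True when the device complies.
POLICY_CHECKS = {
    "av_current": virus_protected,
    "fully_patched": lambda d: d.missing_critical_patches == 0,
    "single_local_admin": lambda d: d.local_admin_accounts <= 1,
    "host_firewall_on": lambda d: d.host_firewall_enabled,
}


def failed_checks(d: Device) -> list[str]:
    """Names of the policy checks this device fails, in check order."""
    return [name for name, check in POLICY_CHECKS.items() if not check(d)]


def pct(passed: int, total: int) -> float:
    """Percentage to two decimals, matching the dashboard's presentation."""
    return round(100 * passed / total, 2) if total else 0.0


def virus_protection_index(devices) -> float:
    """VPI: share of devices with current AV signatures."""
    devices = list(devices)
    return pct(sum(virus_protected(d) for d in devices), len(devices))


def policy_compliance_index(devices) -> float:
    """SPC: share of (device, check) pairs that pass."""
    devices = list(devices)
    total = len(devices) * len(POLICY_CHECKS)
    failed = sum(len(failed_checks(d)) for d in devices)
    return pct(total - failed, total)


def risk_rating(index_pct: float) -> str:
    """Assumed bands: a high index means low residual risk."""
    if index_pct >= 95.0:
        return "Low"
    if index_pct >= 80.0:
        return "Medium"
    return "High"


def station_posture(devices) -> dict[str, dict]:
    """Per-station roll-up: the same indices plus the devices needing attention."""
    by_station: dict[str, list[Device]] = {}
    for d in devices:
        by_station.setdefault(d.station, []).append(d)
    return {
        station: {
            "vpi": virus_protection_index(devs),
            "spc": policy_compliance_index(devs),
            "failing": [d.hostname for d in devs if failed_checks(d)],
        }
        for station, devs in sorted(by_station.items())
    }


# Constructed sample inventory: three stations, eight devices.
DEVICES = [
    Device("KUL", "kul-gw-01", date(2012, 7, 30), 0, 1, True),
    Device("KUL", "kul-dcs-02", date(2012, 7, 29), 0, 1, True),
    Device("KUL", "kul-kiosk-03", date(2012, 7, 10), 2, 1, True),  # stale AV, unpatched
    Device("LHR", "lhr-cki-01", date(2012, 7, 31), 0, 1, True),
    Device("LHR", "lhr-cki-02", date(2012, 7, 31), 1, 3, False),   # three findings
    Device("SYD", "syd-ops-01", date(2012, 7, 28), 0, 1, True),    # exactly 3 days old: still compliant
    Device("SYD", "syd-ops-02", date(2012, 7, 20), 0, 1, True),    # stale AV
    Device("SYD", "syd-prn-01", date(2012, 7, 31), 0, 1, True),
]


def dashboard(devices=DEVICES) -> dict:
    """Overall indices with ratings, plus the per-station breakdown."""
    vpi = virus_protection_index(devices)
    spc = policy_compliance_index(devices)
    return {
        "vpi": vpi, "vpi_rating": risk_rating(vpi),
        "spc": spc, "spc_rating": risk_rating(spc),
        "stations": station_posture(devices),
    }


if __name__ == "__main__":
    for key, value in dashboard().items():
        print(key, value)
```

The point of the per-station breakdown is that an overall index can look acceptable while one station (here LHR, with a single badly configured check-in device) sits far below the band, which is exactly what the "Station IT Security Posture" view in the SACC catalogue is meant to surface.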
We were awarded the Information Security Project of the Year 2009
We were awarded for the IT Visionary Award for Asia South 2008
In 2010, as a result of the earlier initiatives, we won more awards… It is nice to be appreciated.
- CIO of the Year
- Deputy Minister Award
- Information Security Project of the Year - PCI-DSS
As a recap…
- Find the right resources
- Find the business value of your SoC
- Get the sponsors and know your stakeholders
- Begin with the end in mind
- Start small but shout big
- Leverage
- Can pause but keep evolving
- "Marketecture"