ResearchSpace
E-CMIRC - towards a model for the integration of services between SOCs and CSIRTs
JavaScript is disabled for your browser. Some features of this site may not work without it.
- ResearchSpace
- →
- Research Publications/Outputs
- →
- Conference Publications
- →
- View Item
E-CMIRC - towards a model for the integration of services between SOCs and CSIRTs
Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs) can play a pivotal role in the monitoring of, and response to threats, attacks and vulnerabilities in organisations, including governments. While the focus of a SOC is on the monitoring of technical security controls and critical assets, and the response to attacks and threats, CSIRTs’ main focus is on response and incident management. One postulation is that a CSIRT or CERT is a highly specialised sub-capability of a SOC, whereas another postulation could be that a SOC serves as an input mechanism into CSIRTs and CERTs. In this paper, the differences between SOCs, CERTs and CSIRTs are established, and synergies between them are defined. This leads to an integrated services model for the establishment of an initial SOC and CSIRT capability in developing countries. Developing countries have unique challenges facing them where it concerns cybersecurity. Aspects such as Information Communication and Technology (ICT) infrastructure are often a challenge, and so is funding for ICT as well as skills. Political instability could also have an influence on the cybersecurity posture of developing countries by leaving developing nations open to malicious state-sponsored attacks. This SOC and CSIRT capability is made viable and possible through the savings in cost and resources by identifying overlapping services, as well as the application of the proposed model. This emergent SOC and CSIRT combined capability is called the Embryonic Cyberdefense Monitoring and Incident Response Center (E-CMIRC). The purpose of this paper is to identify a high-level integrated services model for the E-CMIRC in order to reduce cost and resources which serves as a barrier to entry in developing countries. A scalable operational framework is identified, and for the management of the effectiveness and efficiency, and also to ensure that all aspects of service delivery are considered, the Information Technology Information Library (ITIL) is proposed.
Reference:
Jacobs, P.Von Solms, S. and Grobler, M. 2015. E-CMIRC - towards a model for the integration of services between SOCs and CSIRTs. In: 15th European Conference on Cyber Warfare and Security (ECCWS-2016), July 2016, Munich, Germany, pp 350-360
Jacobs, P., Von Solms, S., & Grobler, M. (2015). E-CMIRC - towards a model for the integration of services between SOCs and CSIRTs. Academic Conferences and Publishing International Ltd. http://hdl.handle.net/10204/8894
Jacobs, P, S Von Solms, and M Grobler. "E-CMIRC - towards a model for the integration of services between SOCs and CSIRTs." (2015): http://hdl.handle.net/10204/8894
Jacobs P, Von Solms S, Grobler M, E-CMIRC - towards a model for the integration of services between SOCs and CSIRTs; Academic Conferences and Publishing International Ltd; 2015. http://hdl.handle.net/10204/8894 .
15th European Conference on Cyber Warfare and Security (ECCWS-2016), July 2016, Munich, Germany. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website.
This item appears in the following Collection(s)
Browse
-
All of ResearchSpace
-
This Collection
Legislation and compliance
General Enquiries
Tel: + 27 12 841 2911
Email: callcentre@csir.co.za
Physical Address
Meiring Naudé Road
Brummeria
Pretoria
South Africa
Postal Address
PO Box 395
Pretoria 0001
South Africa
Social Connect
Copyright © CSIR 2017. All Rights Reserved
Resources on this site are free to download and reuse according to associated licensing provision. Please read the terms and conditions of usage of each resource.