Whether your business is global or local, at some point real-time security information and operations will be vital to the continuity of your business. Some larger companies have created a Global Security Operations Center (GSOC) that may also include regional centers. Other firms create a Security Operations Center (SOC) that helps manage security and resources within a single state or region. For this article we will use the term SOC for simplicity, as not all companies are global in footprint.
This article will provide some insight into some of the considerations our clients have wrestled with, the GSOC/SOC benefits they seek, and some steps we use to design a SOC.
The Security Operations Center (SOC) – A Good Business Practice
THE BRIEF HISTORY
For over 75 years, government agencies and other entities have learned the value a central nerve center provides to the organization: a center that monitors various technology systems, live situations, or events, protects and directs personnel resources, and provides a hub for the organization’s quick response to a wide range of events that require immediate attention. Military organizations the world over utilize the principles of Command and Control.
While we were all impressed with NASA’s “Mission Control Center” during a space mission launch, other examples may not be so well known, such as crisis situations like the “Bay of Pigs” operation requiring a Global Security Operations Center (GSOC), and the new post-9/11 operations centers of the US Transportation Security Administration (TSA), built to communicate, collaborate, and coordinate.
There are many types of operations centers, and today they include:
THE PURPOSE OF THE SECURITY OPERATIONS CENTER (SOC)
More than at any time in our history, business entities face an infinite number of internal and external threats and risks. We have deployed various security technologies to help protect our staff, visitors, and assets:
Post-9/11 the proliferation of security technology created an array of challenges, such as:
The Security Operations Center (SOC) provides the place for organizations to monitor developing situations, analyze the risks in real-time, and proactively respond before something becomes a crisis. As crisis response is extremely costly, the investment in a SOC helps conserve corporate resources, while clustering them to realize a savings.
CONTEMPORARY BUSINESS REQUIREMENTS
The mission control center is no longer something just for NASA or rocket scientists. Today’s SOC serves a set of vital functions that are common to many other business operations. Just as various business units will monitor a variety of business requirements and respond to them, the SOC helps apply the same business process to all matters related to security.
Just as the Finance Department monitors federal, state, and local regulations, taking appropriate proactive actions to keep the organization in compliance, the SOC monitors information in real-time, analyzes this data, and coordinates a measured response to protect people and assets proactively. Today’s business environment requires a high degree of internal and external situational awareness.
Building A SOC – Modern Cost and Risk Factors to Consider:
DUTY OF CARE
The US Department of Labor’s Occupational Safety and Health Administration (OSHA) has enforced standards, rules, and regulations in the workplace since the Occupational Safety and Health Act of 1970 (OSH Act). Over the past few years, with workplace violence on the rise, OSHA and numerous court decisions have shined a spotlight on the OSH Act’s “General Duty” Clause (Section 5(a)(1)).
It is now recognized that “Employers have a responsibility to provide a safe workplace”. This requirement is applicable to physical work spaces, as well as employees working off-site and traveling on company business.
From OSHA Guidance to Industry:
“Under the General Duty Clause, Section 5(a)(1) of the Occupational Safety and Health Act of 1970, employers are required to provide their employees with a place of employment that is “free from recognized hazards that are causing or are likely to cause death or serious harm.”
The courts have interpreted OSHA’s general duty clause to mean that an employer has a legal obligation to provide a workplace free of conditions or activities that either the employer or industry recognizes as hazardous and that cause, or are likely to cause, death or serious physical harm to employees when there is a feasible method to abate the hazard.”
“An employer that has experienced acts of workplace violence, or becomes aware of threats, intimidation, or other indicators showing that the potential for violence in the workplace exists, would be on notice of the risk of workplace violence and should implement a workplace violence prevention program combined with engineering controls, administrative controls, and training.”
While a SOC will greatly assist the organization to address Duty of Care in a professional and responsive manner, this comprehensive business approach will clearly show proof of the organization’s commitment to protect people, assets, data, and places.
WHAT THE SOC PROVIDES TO THE ORGANIZATION
Resources – The SOC is a place where all the resources of the organization are known and can be deployed quickly. From alerts of temperature issues in IT server rooms, to a broken pipe causing flooding within a building, the timely awareness and hailing of repair resources can salvage vital business assets. Whatever the problem or event, the SOC operator will always have a ready list of response resources to call to mitigate any active threat. While it is not advisable to flood SOC staff with numerous non-security responsibilities, business unit functions that are directly related to security and life safety can be supported by the SOC.
Readiness – An organization that commits to a SOC is affirming its dedication to readiness. While other organizations may switch to “panic mode” and fumble to respond appropriately, the design, data feeds, SOC Operator training, and testing will ensure organizational readiness 24/7/365. The introduction of smart security tools such as recognition, AI, analytics, and other new or next version technologies allows the SOC to work smarter, with an additional level of readiness. Continuous Prevention is the organizational and SOC objective.
Proactiveness – The very nature of the SOC is to be the organization’s always-on alert apparatus and to provide the proactive response mechanism that delivers a steady and knowledgeable operation of trust. Apart from responding to any developing crisis, the SOC can provide helpful and sometimes lifesaving information to staff. This information and communications could be related to pending severe weather, the sudden shift of a wildfire, or a traffic incident with a mass warning to impacted staff, allowing for a detour or avoidance, for safe passage to work.
COST BENEFIT TO THE ORGANIZATION
A Security Operations Center will be a valuable tool to the organization through the provision of Continuous Prevention. In addition to the many functions the SOC actively delivers to keep people, data, and assets safe and secure, the SOC presents opportunities for cost savings.
An example of cost savings would include a strategy to deploy Remote Assessment. As the SOC is built out, strategically placed cameras with audio capabilities can be integrated with remote controllable hardware, and possibly mobile devices, that allow a single security officer in the SOC to perform Remote Assessment of many doors and locations around the entire campus. The technology becomes a force multiplier, thereby reducing the costs associated with manned security, while providing an enhanced level of protection to the organization.
Monitoring and analysis of data is a real-time function of the SOC. Some of the data being scrutinized comes from intrusion detection/alarm systems. A SOC operating 24/7/365 can assess these alarms and distinguish legitimate alarms from false alarms, thereby reducing the costs associated with false alarm response.
In support of a workplace violence / active threat prevention program, inexpensive duress technology can be incorporated into the current prevention plan to raise the bar in providing proactive actionable intelligence prior to a full-blown event. This is a very important life safety benefit that can be delivered by the SOC systems and staff.
Whether staff are working remotely or in an isolated area of the main campus, the SOC can provide an immediate link to remote or isolated working staff through many voice and signal technologies. The SOC increases compliance with General Duty of Care provisions, while providing a potential lifeline and peace of mind to isolated or remote working staff.
SAMPLE IMPLEMENTATION PROCESS AND CONSIDERATIONS
Depending on the client and their needs and desires, PRS follows this flexible process. It is provided here to give you an idea of the planning process. If you have not yet selected a site for your GSOC/SOC, then one of your first missions will be to conduct an All Hazards Assessment of the possible sites, in order to narrow the choice. If your SOC operations are critical to your business and you require 99.999% reliability and up-time, then careful site selection will be even more critical. The Public Safety Access Point (PSAP) / 911 Center is generally a post-disaster facility with redundant utility runs from two or more compass directions. If 99.999% (or 5 nines) is necessary, then you need to soberly consider your site, threats, risks, and vulnerabilities, as well as the ease of running redundant utilities and systems.
SAMPLE PHASED IMPLEMENTATION
Phase 1 – SOC Conceptional Design Process
The Security Operations Center project would take a conservative phased approach. Initially, a SOC Conceptional Design Process will seek to quantify technical needs with a rough order of magnitude budget and functional requirements, as well as to document SOC operational expectations. This initial phase will flow as follows:
Numerous important design considerations will be assessed and researched, with deliverables to include a Security Operations Center Conceptual Design Document that answers:
Phase 2 – First Layer Build-out and Integration
During this phase the initial build-out of the physical space for the SOC will take shape and integrate perimeter video and intrusion detection systems. As the organization benefits from this initial layer of situational awareness and continual prevention, the systems will be incorporated and expanded to other locations and terminated into the SOC, as costly manual or manned processes are eliminated.
As project phases and budgets are approved, the holistic SOC will seek to incorporate:
This process sample should help you with your planning and building of a business case. If done properly, the GSOC/SOC can be the crown jewel of your security organization, proving its value and the active vigilance that will prove vital to your business. By directly connecting the business with security, you will be well on your way to building a contemporary corporate security organization that will stand the test of time.