Growing cybersecurity maturity for The University of Cape Town (UCT)
Country South Africa
Services
About CSIRT/SOC
Cyber-attacks to digital infrastructure and assets are globally among the top risks as indicated in The Global Risks Report 2021. Despite various efforts to mitigate, the likelihood of cyber-attacks is continuously increasing not only for private organizations, but also for governments, sectors and even nations:
- Are organization’s/government’s/sector’s/nation’s digital assets secure?
- Is an organization/government/sector/nation able to timely detect and respond to cyber incidents?
- How to ensure and preserve confidentiality, integrity and availability of digital information?
These and related questions arise after facing critical incidents, like leakage of confidential data or a shutdown critical infrastructure facility due to Advanced Persistent Threat (APT) or denial of service attacks.
How do we do it?
The typical NRD Cyber Security baseline for CSIRT/SOC establishment is:
- Performing initial assessment;
- Preparation of a detailed CSIRT/SOC design and implementation plan;
- Preparation (review) of CSIRT/SOC mandate;
- Preparation of technical solutions architecture along with identification and proposal of alternatives for most suitable components;
- Preparation of essential policies and procedures;
- Implementation of technology solutions;
- Training sessions for staff;
- Soft launch;
- Update and upgrade of security operations;
- Official launch;
- Continuous support after the launch.
Depending on the assignment, first actionable results usually come within the 4 months. Please contact us for more detailed CSIRT/SOC implementation plan.
Benefits
NRD Cyber Security establishes actionable, service-based internal, sectorial, and national CSIRTs and SOCs as a turnkey solution for clients. NRD Cyber Security CSIRT/SOC stacks integrate the following vital components:
- Governance: mandate definition along with roadmap and strategy preparation;
- People/skills: providing skills for incident detection and response, threat hunting and digital forensics;
- Processes and services: incident detection and handling using L1/L2/L3 or custom approach, Cyber Threat Intelligence, Threat Hunting, Vulnerability Assessments and Penetration Testing (VAPT), process automation and reporting, standard operating procedures;
- Technologic capability: IDS, SIEMS, LOG, IPS, FW, NGFW, CTI, SD4ID and SOAR tooling;
- Measurements: KPIs, SLAs, applying international best cybersecurity practices, such as SIM3 or SOC-CMM models;
- International recognition: Assessments and introduction to Forum of Incident Response Teams (FIRST.Org), TF-CSIRT community.
Proven track record
In 2015-2019, NRD Cyber Security has successfully established 3 national / government CSIRTs in Bangladesh, Bhutan, and Cyprus, implementing various SOC/CSIRT capabilities building projects in Lithuania, Bangladesh, Egypt and South Africa.
Company experts continuously engage in cybersecurity projects in private sector, academia, and military. NRD Cyber Security is a member of various international organizations, like GFCE, ITU-D, ECSO, FIRST.Org, and Trusted Introducer.
Below you can find 4 different CSIRT/SOC stacks.
Mini
Basic
Effective
Full Scale
Governance
Governance
- Mandate definition
- FIRST.Org membership
- Roadmap and strategy
Governance
- Mandate definition
- FIRST.Org membership
- Roadmap and strategy
Governance
- Mandate definition
- FIRST.Org membership
- Roadmap and strategy
- Orgchart buildout
Governance
- Mandate definition
- FIRST.Org membership
- Roadmap and strategy
- Orgchart buildout
People
People
- Featured CSIRT training
- Limited remote support
People
- Relevant CSIRT training
- Remote support
- SOPs
- Study mission tours
People
- Relevant CSIRT training
- Remote support
- SOPs
- Study mission tours
People
- Relevant CSIRT training
- On-site and remote support
- SOPs
- Study mission tours
Processes and services
Processes and services
- Incident handling service
- Incident handling process
Processes and services
- Incident handling and outreach
- Infrastructure support
- Standard reporting
Processes and services
- Incident handling and outreach, digital forensics, vulnerability management
- Process automation
- Infrastructure support
- Standard reporting
Processes and services
- Full scale CSIRT/SOC services
- Process automation
- Automated custom reporting
- Maturity progress assessment
- Infrastructure support
Measurements
Measurements
- A few KPIs
- No SLAs
Measurements
- Basic KPIs
- SLAs for processes
Measurements
- KPIs system
- SLAs for processes
- SIM3 successful audit
Measurements
- KPIs system
- SLAs for services and automation
- Annual reviews SOC-CMM L3 C1.5
Technological Capability
Technological Capability
- Incident registration and handling
- PGP
Technological Capability
- Incident registration and handling
- Outreach and visualization portal
- Internal support, PGP
- Simple vulnerability assessment
Technological Capability
- Incident detection and handling
- Outreach and visualization portal
- Internal support, PGP
- Simple vulnerability assessment
- Simple video wall
- Simple threat intelligence
- Simple digital forensics
- Simple integration with ex.tooling
- Situational awareness
Technological Capability
- Incident detection and handling
- Outreach and visualization portal
- Internal support, PGP
- Vulnerability assessment
- Video wall
- Threat intelligence
- Digital forensics
- Integration with existing tooling
- Situational awareness and EWS
- Multi-site sensing at CII
Local resources
Local resources
2-5 people
Local resources
5-10 people
Local resources
7-15 people
Local resources
15-45 people
Duration
Duration
9 months
Duration
12 months
Duration
12-24 months
Duration
24-36 months
Ask me <
>
▼
