Information Security Operations Center

Posted: January 27, 2014 in Articles

This article aims to explain the structure, functioning and features of an ISOC.


We conduct our business knowing that our network is safe and secure. We assume that the security service provided on our network is good enough to prevent identity theft and that our security service provider will take care of data loss prevention. But we never try to find out what is going on behind the scenes. All of the security service features and loss prevention techniques are implemented at the information security operations center.

  • Definition:

In layman's terms, an information security operations center is the hub of all security implementations. It is one central location where all your data, system information, security protocols and applications are secured. It consists of all the technicians, engineers, systems, experts and firewalls that make your network a safe place to conduct business. An information security operations center can also be referred to by other names, such as cyber security service center and security intelligence operations center.


  • Technology of an ISOC:

The technology of an information security service center is typically structured around feedback from security audits, data from vulnerability testing and onsite reports. For an information security operations center to function effectively, a subsystem known as a security information and event management system is implemented. It is the task of this subsystem to collect all of the feeds from different sources and put them together in a coherent and meaningful manner. In short, the security information and event management system takes the data feeds and produces relevant information. This information is then analyzed by the experts, and measures are taken to upgrade the existing security framework.


  • Enterprise level implementations at ISOC:

It is very likely that a security firm will provide its security services and data loss prevention measures to a number of clients. In such a case it would be highly impractical to implement every service at every individual customer's site. Hence the information security operations center implements the common security features from one central location. Such features include a firewall and antivirus solutions.

A firewall is very important for data loss prevention. It helps the network by guarding against intrusive attacks from outsiders. It also has a built-in reporting feature that reports any and every attempt at intrusion. The reported data includes the IP address of the attacker, the type of attack, the time of the attack and the persistence of the attack. This data can be used to identify potential risks. By analyzing the time and type of attack, experts can predict the weakest part of the network and the time when it is most vulnerable.
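The analysis described above, as an added Python example that is not part of the original article: it groups firewall reports by source, attack type, target and hour of day. The log format, the segment names and the sample lines are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample reports (documentation-range addresses, not real data).
# Assumed line format: ISO timestamp, source IP, attack type, targeted segment.
SAMPLE_LOG = """\
2014-01-20T02:14:05 203.0.113.7 port-scan dmz-web
2014-01-20T02:14:40 203.0.113.7 port-scan dmz-web
2014-01-20T02:51:12 203.0.113.7 ssh-bruteforce dmz-web
2014-01-20T03:05:33 198.51.100.23 sql-injection dmz-web
2014-01-20T14:22:10 198.51.100.23 sql-injection dmz-web
2014-01-21T02:09:48 203.0.113.7 ssh-bruteforce vpn-gateway
2014-01-21T02:30:01 192.0.2.55 port-scan vpn-gateway
malformed line that the parser must skip
"""

def parse(log_text):
    """Yield (time, src_ip, attack_type, target) for well-formed lines only."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def summarize(log_text):
    """Aggregate reports by source, attack type, target and hour of day."""
    per_source = defaultdict(list)
    by_type, by_target, by_hour = Counter(), Counter(), Counter()
    for when, src, kind, target in parse(log_text):
        per_source[src].append(when)
        by_type[kind] += 1
        by_target[target] += 1
        by_hour[when.hour] += 1
    # Persistence per source: (attempt count, hours between first and last).
    persistence = {
        src: (len(t), round((max(t) - min(t)).total_seconds() / 3600, 2))
        for src, t in per_source.items()
    }
    return {
        "persistence": persistence,
        "top_type": by_type.most_common(1),      # most frequent attack type
        "top_target": by_target.most_common(1),  # most attacked segment
        "peak_hour": by_hour.most_common(1),     # hour with most attempts
    }
```

On the sample lines, `summarize(SAMPLE_LOG)` singles out one source that returns over roughly a day, one segment that receives most of the attempts, and one hour of the day in which the attempts cluster.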

Another feature implemented centrally is an antivirus. An antivirus is different from a firewall. While a firewall guards against attacks from outside the network, an antivirus is a security service that guards against malicious elements within the system. It has been noted that when outside intrusive attempts fail, attackers try to plant malicious software within the network. Such software collects vital information and transmits it over the network to the attackers. An antivirus is an effective security service against such bots.

David Bray has been a security consultant for the government of the United States of America. He also owns his own security service firm and has clients all over the world.
