Best Practices for Setting Up Your GSOC
Whether you’re establishing your firm’s first Global Security Operations Center (GSOC), including a co-located Network Security Operations Center (NSOC), or refreshing your current GSOC’s and/or NSOC’s capabilities, here are my recommendations for success.
Interview your stakeholders on what they expect from their GSOC. This may include your organization’s C-suite executives, human resources, general counsel, IT, the heads of all your business units and anyone else who should be expecting support from your team. If this position is staffed at your firm, your chief information security officer (CISO) can be an invaluable ally in this pursuit; collaboration during these first efforts will greatly improve integration of your physical, information and cyber security efforts.
Educate all stakeholders on what a GSOC can and should do for them during these interviews. Inevitably, some colleagues will not be fully aware of the wide range of capabilities a GSOC can cover. This is your chance to connect with your business leaders, manage expectations, and build relationships by discussing these critical elements – as well as how they can integrate with their NSOC counterparts.
Typical GSOC responsibilities
Facility security, access control and overall security systems administration
Incident management, up to and including crisis management and crisis communications
Duty of care, including executive security and travel security for all employees
Business resilience, domestically and globally, including disaster recovery
Global situational awareness of potential impacts to the business around the world
Additional support to other parts of the organization; often the GSOC is the only part of the business that is open 24/7
Compile all desired capabilities across all program areas, then identify and price the resources needed to execute. This is your prelude to creating budgets for basic, robust and best-in-class GSOC options – using primary and secondary resource options ranked by quality and cost – for your executives to consider. Resources should include: infrastructure and equipment, i.e. real estate with redundant utilities, communications and software; data sources such as risk analysis or weather information; and personnel capable of designing and executing clear security procedures.
Prioritize your GSOC resource options according to the outcomes you want to achieve over time. A basic GSOC may serve the needs of your organization at present, but as your business grows, so too must its risk management program. Your budget decisions should reflect this in the short, medium and long term. For example, while it may be perfectly acceptable to utilize third-party providers for interpreters and political risk analysts at present, if your firm expands significantly you may want to add dedicated resources in the future so they are more readily available as they are more frequently needed.
Allocate the approved resources, build your GSOC (and accompanying NSOC) and go live! As you manage your center(s), ensure that you work towards your short-term (e.g. six months), medium-term (e.g. one year) and long-term (longer than one year) goals in terms of your program’s abilities. As your business and the industry it serves evolve in both complexity and risk, so too should your procedures, through consistent internal communications with stakeholders that spur continuous improvement and help ensure a successful GSOC.