Security Operations Centers (S.O.C.)

The S.O.C. team is responsible for the operational component of enterprise information security. Security operations center staff consists primarily of security analysts who work together to analyze, detect, respond to, report on, and prevent cybersecurity incidents, and who carry out containment, forensics, and remediation once an incident has occurred. The first step in establishing a S.O.C. is to identify assets and perform a cyber assessment across the organization in order to define a strategy that incorporates the business-specific goals of the various departments. Alongside the strategy, a SIEM system is installed to collect events from the sensors (such as firewalls, industrial control systems, endpoints, …). The security operations center monitors the incoming events that are flagged as alerts and distinguishes false positives from true positives. The team either responds to the true positives directly or sends them to the deeper S.O.C. levels (Tiers 3 and 4) for further investigation. The S.O.C. either eliminates incidents itself or assists the organization's incident response teams in fixing them.
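The workflow above, from sensor events through detection to triage and tiered escalation, as an added example in the form of a small SIEM-style pipeline. This is illustration code, not code from the original page or from any SIEM product; the sample events, the three detection rules, the benign-context allowlists and the 1..4 severity scale are all constructed.

```python
"""SIEM-style alert pipeline: sensor events -> detection rules -> alerts
-> Tier 1 triage into false positives, Tier 1 handling, or escalation
to Tier 3. Added example; every event, rule, allowlist and the severity
scale below is constructed for illustration."""
from collections import Counter
from dataclasses import dataclass

# Constructed sample events from three kinds of sensor.
EVENTS = [
    {"sensor": "firewall", "src": "10.0.5.12", "dst": "203.0.113.9",
     "dport": 4444, "action": "allow"},
    {"sensor": "firewall", "src": "10.0.5.12", "dst": "10.0.0.5",
     "dport": 443, "action": "allow"},
    {"sensor": "endpoint", "host": "ws-17", "process": "powershell.exe",
     "parent": "winword.exe"},
    {"sensor": "endpoint", "host": "build-01", "process": "powershell.exe",
     "parent": "jenkins.exe"},
    {"sensor": "ics", "plc": "plc-3", "op": "write_setpoint", "src": "10.0.9.2"},
    {"sensor": "ics", "plc": "plc-3", "op": "write_setpoint", "src": "192.0.2.77"},
]

# Constructed context the S.O.C. maintains to recognise benign activity:
# engineering stations allowed to write to PLCs, and build automation
# that legitimately launches shells.
ICS_ENGINEERING_HOSTS = {"10.0.9.2"}
KNOWN_AUTOMATION = {("build-01", "jenkins.exe")}


@dataclass
class Alert:
    rule: str
    severity: int          # constructed scale: 1 (low) .. 4 (critical)
    event: dict
    verdict: str = "open"  # becomes "false_positive", "tier1" or "tier3"


def rule_outbound_unusual_port(ev):
    """Allowed outbound connection to a non-internal host on a port other than 80/443."""
    if (ev["sensor"] == "firewall" and ev["action"] == "allow"
            and not ev["dst"].startswith("10.") and ev["dport"] not in (80, 443)):
        return Alert("outbound-unusual-port", 2, ev)
    return None


def rule_shell_from_unexpected_parent(ev):
    """PowerShell launched by something other than an interactive parent."""
    if (ev["sensor"] == "endpoint" and ev["process"] == "powershell.exe"
            and ev["parent"] not in ("explorer.exe", "cmd.exe")):
        # An Office parent is the classic malicious-document pattern: critical.
        sev = 4 if ev["parent"] in ("winword.exe", "excel.exe") else 2
        return Alert("shell-from-unexpected-parent", sev, ev)
    return None


def rule_plc_write(ev):
    """Any write operation against a PLC is alert-worthy in an ICS network."""
    if ev["sensor"] == "ics" and ev["op"].startswith("write_"):
        return Alert("plc-write", 4, ev)
    return None


RULES = [rule_outbound_unusual_port, rule_shell_from_unexpected_parent, rule_plc_write]


def detect(events):
    """Run every rule over every event; each hit becomes an open alert."""
    alerts = []
    for ev in events:
        for rule in RULES:
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


def triage(alert):
    """Tier 1 decision: documented-benign context -> false positive,
    otherwise route by severity (>= 3 escalates to Tier 3)."""
    ev = alert.event
    if alert.rule == "plc-write" and ev["src"] in ICS_ENGINEERING_HOSTS:
        alert.verdict = "false_positive"
    elif (alert.rule == "shell-from-unexpected-parent"
          and (ev["host"], ev["parent"]) in KNOWN_AUTOMATION):
        alert.verdict = "false_positive"
    elif alert.severity >= 3:
        alert.verdict = "tier3"
    else:
        alert.verdict = "tier1"
    return alert


def run_pipeline(events):
    return [triage(a) for a in detect(events)]


def summarize(alerts):
    """Counts per verdict, the numbers a shift report would carry."""
    return dict(Counter(a.verdict for a in alerts))
```

Running `summarize(run_pipeline(EVENTS))` yields one Tier 1 alert (the unusual outbound port), two Tier 3 escalations (the Office-spawned shell and the PLC write from an unknown host) and two false positives (the build server's automation and the engineering station's PLC write). The point of the allowlists is that a false positive is closed against documented context rather than by an analyst's gut feeling, so the same event is closed the same way on every shift.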


Spear-Phishing is a targeted form of Phishing. Cybercriminals send emails to specific individuals that contain, e.g., an attachment carrying malicious software or a link that downloads it. Unlike ordinary Phishing, where emails are usually sent to masses of people in the same format, Spear-Phishing often uses disguised emails that look legitimate because they appear to come from a person or organization the recipient knows.


Spoofing is a practice whereby cybercriminals pretend to be a source known to the user or recipient of a message in order to obtain sensitive information. Common forms of spoofing include e-mail spoofing, IP spoofing, and website spoofing.
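The e-mail side of both entries above, the Spear-Phishing mail "from" a known colleague and e-mail spoofing in general, as an added example of the checks a mail gateway or S.O.C. analyst applies to a suspicious message. This is illustration code, not from the original page: the protected domain `example.com`, the internal directory, the trusted-domain list, the two sample messages and their `Authentication-Results` headers are all constructed, and the look-alike threshold is a simple similarity ratio chosen for the example.

```python
"""Header checks for spoofed and look-alike senders. Added example; the
organization domain, directory, trusted domains and sample messages are
constructed."""
import difflib
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                               # constructed
TRUSTED_DOMAINS = {ORG_DOMAIN, "partner.example.net"}    # constructed
# Constructed directory: display name (lower-cased) -> real mailbox.
DIRECTORY = {"alice liddell": "alice@example.com"}


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def looks_alike(domain, reference):
    """True when `domain` is a near-miss of `reference` (substituted or
    extra character) but not identical to it."""
    if not domain or domain == reference:
        return False
    return difflib.SequenceMatcher(None, domain, reference).ratio() >= 0.85


def analyze(raw):
    """Return the list of spoofing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []

    # 1. Display name belongs to a known internal person, address does not.
    expected = DIRECTORY.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-impersonation")

    # 2. Sending domain is a look-alike of a domain we trust.
    for trusted in sorted(TRUSTED_DOMAINS):
        if looks_alike(from_dom, trusted):
            findings.append(f"lookalike-domain:{trusted}")

    # 3. Replies are silently redirected to a different domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append("reply-to-mismatch")

    # 4. The receiving gateway's own SPF/DKIM verdict did not pass.
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=pass" not in auth or "dkim=pass" not in auth:
        findings.append("authentication-failed")
    return findings


def classify(raw):
    """Gateway decision: two or more indicators -> quarantine for review."""
    findings = analyze(raw)
    return ("quarantine" if len(findings) >= 2 else "deliver"), findings


# Constructed sample: a spear-phishing mail impersonating a colleague.
SPEAR_PHISH = """\
From: Alice Liddell <alice.liddell@examp1e.com>
Reply-To: finance-desk@mailbox.invalid
To: bob@example.com
Subject: Urgent request
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none

Bob, please handle this today.
"""

# Constructed sample: a legitimate internal mail.
LEGIT = """\
From: Alice Liddell <alice@example.com>
To: bob@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com

See you at noon.
"""
```

On the constructed spear-phishing sample, `classify(SPEAR_PHISH)` returns `quarantine` with four indicators: the display name matches a directory entry but the mailbox does not, `examp1e.com` is a look-alike of `example.com`, the `Reply-To` points at a third domain, and SPF/DKIM did not pass. The legitimate sample produces no findings. Each check alone is weak (a colleague can legitimately mail from a personal address), which is why the decision is made on the combination rather than on any single header.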


Spyware is a type of malicious software used by cybercriminals to spy on individuals and thereby gain access to sensitive information.