Our clients manage operational security through two main organizational structures: the SOC, responsible for the detection, qualification and management of incidents; and the CSIRT, which oversees crisis management, digital forensics, technology watch and threat intelligence.
But what are the key levers to optimizing this dual structure—and what are the most promising avenues to shape it for the future? The concept of the Fusion Center offers the elements of an answer.
The respective roles of the SOC and the CSIRT have never been precisely defined, and some tasks fall where their responsibilities overlap: for example, what is the SOC’s role in crisis management? Or, how can the CSIRT contribute to detection?