Global Security Operation Center “GSOC” Best of Breed Opinion
Basic requirements for a best in class Global Security Operation Center.
CONSULTING AND INVESTIGATIONS DIVISION
The Consulting and Investigations (C&I) Division is part of one of the largest security companies in the United States. With a customer-centric approach that integrates risk management and enterprise security solutions, the company provides consulting and investigations expertise to long-standing customers in a variety of industries. The C&I Division supports customers through direct operating locations in the U.S., Canada, Central, Latin and South America, with local and global capabilities in more than 125 countries through dedicated resources. C&I services include due diligence, business intelligence, security/business continuity assessments, executive protection and transportation security, asset and intellectual property protection, and many other risk mitigation services that augment contract security services. For additional information regarding our full range of national security services, please call: 305.373.8488 or 800.452.1622.
Los Angeles • New York City • Chicago • Miami • Atlanta • Dallas • Montreal • Mexico City • Bogotá • Buenos Aires
GSOC Best of Breed Opinion February 2014 © 2014 Andrews International, L.L.C Page 1 of 5
Global Security Operation Center “GSOC”: Best of Breed Opinion
This document highlights key requirements for the foundation of a best in class Global Security Operation Center (GSOC). A GSOC has diverse components and has to be extremely versatile, requiring synergistic coordination of many tools to work effectively. The key features described in this document offer a high level guide to achieve a comprehensive system for successfully building, maintaining, and running a GSOC.
Concept of Operations
Defining the charter or Concept of Operations (CONOPS), the role of the GSOC, is the first basic step of planning a GSOC, and should act as a compass for technology selections and deployments. Prioritizing the functions and expected deliverables will drive standards and requirements relating to GSOC tools and resource allocation. Identifying and responding to risks is typically the central role of the GSOC, necessitating monitoring of a range of systems from facility security and life safety systems, to critical equipment and travel risk. Monitoring access control systems is often at the center of GSOC monitoring activities. Defining this as a priority means the GSOC must have the ability to receive and respond to alarms in the most effective way possible. Requirements become clear when establishing the tools necessary to meet these operational monitoring needs. Response times, capacity, and quality can all be improved when the right tools are in place, directly impacting costs and performance. To operate at optimal efficiency, access control systems must have robust integrations allowing for automation, converging data sources such as video, device mapping, and automated logic, into actionable intelligence. Identifying the global system configuration may reveal multiple access control systems, which require a more specialized Physical Security Information Management (PSIMS) tool to integrate and filter data into the GSOC.
System Standards and Technology Roadmap
During the deployment stage of the GSOC toolbox, the development of system standards and a technology roadmap has proven essential to successful program implementation and continuity. This ensures that as the system grows, it does so in an organized and sustainable way. Developing these standards requires enforcement, which often involves partnering with other organizations within the company during expansion projects. This can be critical. Having standards available to the GSOC and the global team clarifies goals and team and individual roles, sets expectations, enforces accountability and increases operational efficiency. This works best when standards are centralized and accessible through an online portal, or a SharePoint site.
Program Optimization
It’s important to understand when to make the investment in enterprise solutions, and when to find cost effective solutions that achieve the equivalent. For example: leveraging a virtual KVM switch and an industry standard commercial video card to manage a video wall, instead of a solution with a physical switcher, costly proprietary hardware and an expensive graphical user interface (GUI), may achieve the desired result with a more cost effective alternative design. In other cases, strategic investment in additional resources may result in the best optimization of GSOC function. Establishing a priority for global threat monitoring, for example, might require tools that an organization such as iJET[1] provides, offering 24x7 tracking and analysis of potential threats as well as trusted crisis management and response tools. Visual Command Center by IDV Solutions[2], another example, provides the ability to visualize data while analyzing trends and finding patterns. Searching through historical data and pulling together external threat data along with internal data, such as company internal databases, results in a convergence of valuable actionable intelligence from divergent sources, all linked into one cockpit view for the GSOC to analyze.
System Health
Maintaining the system is as important as building it. Ensuring a tracking system is in place enables a GSOC to score the system, identify problems, and establish a transparent system health level. Operational status can be determined for thousands of cameras by detecting whether they are online, provided they are programmed to do so in the IP digital video management system. Tracking access control activity through automated reports allows for data analysis to identify major inefficiencies in the system. This tracking could also identify building utilization and support cost control for HVAC, in a facilities maintenance/equipment monitoring use.
[1] iJET International, Inc. (iJET) – an Annapolis, Maryland-based company – helps multinational organizations monitor, protect against, and respond to global threats. iJET is a long-standing alliance partner that works with the C&I Division to develop “best-of-breed” programs for integration and management of “next generation” Global Security Operations Center (GSOC).
[2] Visual Command Center software helps organizations achieve this mission by uniting data from external sources, enterprise systems, and internal devices into a real-time, common operating picture of risk and security. It provides organizations with a practical approach to managing risk—a consolidated view to identify, interrogate, and initiate action.
An effective global repair and maintenance program is required to ensure all of the GSOC resources and tools are working as expected. In the GSOC environment, devices will experience problems all over the world, so a strong partnership with a systems integrator is essential. Language barriers, regulatory requirements, cultural differences, local customs, and inconsistent installation can make this very challenging. Having comprehensive maintenance guidelines documented and available online for regional managers is important to ongoing success. Mapping maintenance processes is the crucial first step in developing a sustainable maintenance program. Once the detailed standards are established, effective project management followed by a thorough commissioning process must be maintained.
GSOC Resiliency
Ensuring 100% uptime is critical to a GSOC as it is a truly global helpdesk for safety and security. Having a “hot” redundant center or regional centers is recommended. The data also needs to be replicated, as many regional server models break up the data, which does not allow for enterprise-wide visibility from any one single GSOC. In trying to achieve this, systems do not always offer “hot-swap” server redundancy. If an enterprise’s IT department does not have a robust resiliency plan, EMC[3] has exceptional trusted tools that provide this solution.
Cyber-security and Intelligence
Our Nation’s critical infrastructures are composed of public and private institutions in a wide range of sectors that drive the economy and quality of life in our nation. The information highway has become the nervous system that controls our steady flow of commerce. A large portion, approximately 85%, of critical infrastructure is in the control of private hands. Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches and fiber optic cables. The health of cyberspace and stability of individual enterprise’s information networks is essential to the financial well-being of the nation’s critical organizations.
While we face ever increasing complexity and dependence on these networks, we are exposed to a rapidly expanding and more aggressive and sophisticated risk landscape. A wide spectrum of multidimensional threats continues to grow and threaten information assets, with cyber-attacks for an equally wide spectrum of motivations.
[3] EMC is a global leader in enabling businesses and service providers to transform their operations and deliver information technology as a service (ITaaS). Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset — information — in a more agile, trusted and cost-efficient way.
A reactionary approach to these threats poses too great a risk to critical infrastructures. If cyber threats aren’t addressed until an attack occurs, unrecoverable loss can result. Just as it is no longer acceptable practice to stand back waiting for physical threats on our physical and human assets, it is the responsibility of enterprises to proactively prepare for cyber threats in order to protect their assets, personnel and customers.
Thorough and ongoing risk assessment analysis and the establishment of sound threat intelligence and counter-intelligence should be key objectives of the GSOC. Anticipating what may be coming around the corner or over the horizon best serves the enterprise in protecting all assets, be they informational, physical or personal in nature.
Conclusion
This is a high level guide, detailing the basic components required for planning a successful GSOC operation. Every GSOC charter differs in order to meet the needs of the company it serves, and so the specific tools required to meet those needs will also differ. The basic requirements outlined herein for setting up the processes and standards are consistent best practices demonstrated by the Pillars of Excellence below. For more information regarding solutions to your specific GSOC needs, contact:
William M. "Bill" Besse, CHS-V, Vice President, Consulting and Investigations, Andrews International, Dallas, Texas, 214.254.3978 (T), 972.741.7532 (C), [email protected]
D.C. Page, Senior Vice President, Consulting and Investigations, Andrews International, 66 West Flagler Street, Suite 401, Miami, Florida 33130, 305.373.8488, [email protected]
Pillars of Excellence
GSOC Components
• Establishing standards
• Having the right tools
• Technology roadmap
• Concept of Operations
System Health
• Identifying a health score/ monitoring
• Automating reporting and tracking
• Global repair and maintenance process
Program Optimization
• Making the best out of the tools that you have
• Identify the investments needed
• Dedicated IT support
GSOC Resiliency
• BCP in place
• Establish redundant server architecture
• “Hot” tools to automate failovers
Cyber Security & Intelligence
• Counter-intelligence/ defense
• Positive collection/ protective Intelligence
• Dedicated Intel Analyst