In recent years Romania and, more broadly, South East Europe have become a hotbed for international IT services. Due to the region’s Internet of Everything approach, the IT market is booming and facilities like Security Operations Centres (SOCs) and Network Operation Centres (NOCs) are emerging and evolving quickly.
In my role as Security Systems Senior Manager in one of the biggest SOCs in South East Europe, I’m responsible for delivering a range of services to protect clients across the United States and EMEA. Day-to-day, our tasks include elements such as monitoring for security incidents, forensics of breaches and risk and vulnerability management – all with the purpose of defending a company’s assets.
The value of ITIL
As security threats appear and develop in their sophistication daily, more and more companies are now investing in security. To deliver the best possible services to our clients, and in a fast-paced and changing environment, operational excellence is absolutely key. For that reason, I see ITIL as a must in a SOC: whether you’re dealing with incidents, change or problem management, its defined approach helps ensure we’re professional and business-like in the services we deliver.
Here are the ways ITIL can be used in a SOC environment:
Identifying, preventing and resolving incidents is a primary role of a SOC, so ITIL’s problem management tools within Service Operations are extremely useful. Following risk analysis, the guidance then supports users in how to approach an event or problem should something occur and how to report and communicate these risks more widely.
Having these defined processes in place, along with guidance on how they link together, makes our SOC run more smoothly. It also helps to establish repeatability and predictability in scenarios that are often changeable and potentially volatile.
Learning from an event
Handling an incident is one thing, but to prevent it from occurring again it’s important to learn from what has happened. With a strong focus on Continual Service Improvement, ITIL gives us a clear and methodical structure to ensure that we record and act on the forensics we gather following an event. That way we can fine-tune processes and procedures and improve what’s already in place.
In a large and evolving SOC like ours, where there are hundreds of people employed, communication is important. ITIL helps maintain communication channels among different teams and departments by creating a common language that everyone understands. In a SOC, ITIL is essential for every employee and, at present, approximately 75% of our staff are trained to at least Foundation level.
In a fast-growing SOC, managing resources is a challenge, so the capacity management guidance within ITIL is very useful in helping us to plan out different activities and allocate resources effectively. Using the processes, we can ensure we’re maintaining the necessary coverage and delivering the support our clients need to protect their assets.