
Nigerian Government to build Security Operations Centre (SOC) in 2024


Destiny Young (http://linktr.ee/youngdestinya)

Destiny Young is a highly credentialed information technology professional with over 14 years of industry experience. He holds an HND/BSc (Hons) in Computer Science and a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.

The National Information Technology Development Agency (NITDA) has said that the agency will be collaborating with the Chartered Institute of Forensic and Certified Fraud Investigator of Nigeria (CIFCFIN) to establish a cybersecurity laboratory next year. 

The Director General of the agency, Mr. Kashifu Inuwa, disclosed this while receiving CIFCFIN’s President, Dr. Iliyasu Gashinbak, and his team at the NITDA headquarters.

According to him, the collaboration was necessary to promote digital forensics, reinvigorate the tech ecosystem, and mitigate cybercrimes in the digital space. 

The Director-General said that perpetrators of cybercrimes invested well in research, information technology, and powerful tools to launch attacks, adding that taking proactive steps to counter them was non-negotiable. 

Investment in cybersecurity lab 

While noting that the agency has not done much in the area of cybersecurity despite its investments in other areas, Inuwa said: 

  • “We invested in other technologies such as the Digital Fabrication Lab (FABLAB 1.0) and other labs around the country, but we are yet to build a Cybersecurity Laboratory.
  • “We already have in mind where it will be situated but we will need all relevant stakeholders to be part of it so that the design and implementation of the centre can be fast-tracked. 
  • “NITDA’s investment in the project would be done from next year, the centre will not be named as Forensics Lab but will also incorporate Cybersecurity into its nomenclature to cover other important areas of interest,” he said. 

The NITDA boss decried the dangerous impact cybercrime had on the economy of the country, organizations, and individuals, hence the need to build capacity for protection against unscrupulous elements.

He also said that some organizations do not take into cognizance the need to ensure cybersecurity while developing their digital services which had fueled attacks by internet fraudsters. 

  • “We should always design or digitize with security in mind in whatever we do because that is the only way we can be safe.
  • “NITDA has been proactive in taking critical measures toward protecting cyberspace through creating awareness, capacity building, and infrastructure. 
  • “Although we are doing our modest best in this regard, we know we cannot succeed in isolation, this explains why we welcome collaborations and work with key stakeholders and other Sovereign Nations to achieve the best result,” he said. 

According to Inuwa, there have been different Cybersecurity training programs that have been held across Ministries, Departments, and Agencies (MDAs), adding that thousands of Nigerians have so far been trained both on the Cisco Academy and Coursera platforms. 

Meanwhile, CIFCFIN’s President, Gashinbak, has appealed to NITDA for support with computers for the Nigerian College of Forensics and Fraud Investigators (NCFFI), technical assistance to deploy their combined e-portal and e-learning platforms as well as Postgraduate scheme and scholarship programs.

He said the institute would be committed to discharging its duties toward the success of the forged collaboration. 

(C) Nairametrics

What is a Security Operations Center (SOC)?

A security operations center (SOC) – sometimes called an information security operations center, or ISOC – is an in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.

An SOC also selects, operates, and maintains the organization’s cybersecurity technologies, and continually analyzes threat data to find ways to improve the organization’s security posture.

The chief benefit of operating or outsourcing an SOC is that it unifies and coordinates an organization’s security tools, practices, and response to security incidents. This usually results in improved preventative measures and security policies, faster threat detection, and faster, more effective and more cost-effective response to security threats. An SOC can also improve customer confidence, and simplify and strengthen an organization’s compliance with industry, national and global privacy regulations.

What a Security Operations Center (SOC) does

SOC activities and responsibilities fall into three general categories.

Preparation, planning and prevention

Asset inventory. An SOC needs to maintain an exhaustive inventory of everything that needs to be protected, inside or outside the data center (e.g. applications, databases, servers, cloud services, endpoints, etc.) and all the tools used to protect them (firewalls, antivirus/anti-malware/anti-ransomware tools, monitoring software, etc). Many SOCs will use an asset discovery solution for this task.
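The inventory paragraph above is only useful if it is reconciled against the tools that are supposed to protect each asset. The following is an added example, not part of the IBM text or the NITDA article: it takes constructed discovery results and constructed per-tool coverage lists (the hostnames, IPs and tool names are placeholders) and reports which assets lack a required control, and which covered ids discovery never saw.

```python
"""Asset inventory reconciliation: which discovered assets lack a protective control?

Added example (not from the IBM text). Asset records, coverage lists and the
required-control policy are constructed; a real SOC would pull them from its
discovery tool or CMDB and from each security tool's own console.
"""

# Constructed discovery results: every asset the SOC is responsible for.
DISCOVERED = [
    {"id": "web01", "type": "server", "ip": "10.0.1.10", "location": "datacenter"},
    {"id": "db01", "type": "server", "ip": "10.0.1.20", "location": "datacenter"},
    {"id": "crm-saas", "type": "cloud service", "ip": None, "location": "cloud"},
    {"id": "laptop-042", "type": "endpoint", "ip": "10.0.5.42", "location": "remote"},
]

# Constructed per-tool coverage: the asset ids each protective tool reports it covers.
# "old-fs01" is a deliberately stale entry that discovery no longer sees.
COVERAGE = {
    "antimalware": {"web01", "laptop-042"},
    "log_forwarding": {"web01", "db01"},
    "backup": {"web01", "db01", "old-fs01"},
}

# Policy (constructed): which controls an asset of each type is expected to have.
REQUIRED = {
    "server": {"antimalware", "log_forwarding", "backup"},
    "endpoint": {"antimalware", "log_forwarding"},
    "cloud service": {"log_forwarding"},
}


def coverage_gaps(discovered=DISCOVERED, coverage=COVERAGE, required=REQUIRED):
    """Return {asset_id: sorted list of missing controls}, only for assets with gaps."""
    gaps = {}
    for asset in discovered:
        wanted = sorted(required.get(asset["type"], ()))
        missing = [c for c in wanted if asset["id"] not in coverage.get(c, set())]
        if missing:
            gaps[asset["id"]] = missing
    return gaps


def unknown_covered(discovered=DISCOVERED, coverage=COVERAGE):
    """Ids a tool claims to cover that discovery never saw: stale records or shadow assets."""
    known = {a["id"] for a in discovered}
    claimed = {i for ids in coverage.values() for i in ids}
    return sorted(claimed - known)


if __name__ == "__main__":
    for asset_id, missing in coverage_gaps().items():
        print(f"{asset_id}: missing {', '.join(missing)}")
    print("covered but not discovered:", unknown_covered())
```

Both directions matter: an asset with a missing control is unprotected, while an id that a tool still "covers" but discovery cannot find is either a decommissioned system nobody removed from the tool or something running outside the inventory.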

Routine maintenance and preparation. To maximize the effectiveness of security tools and measures in place, the SOC performs preventative maintenance such as applying software patches and upgrades, and continually updating firewalls, whitelists and blacklists, and security policies and procedures. The SOC may also create system back-ups – or assist in creating back-up policy or procedures – to ensure business continuity in the event of a data breach, ransomware attack or other cybersecurity incident.

Incident response planning. The SOC is responsible for developing the organization’s incident response plan, which defines activities, roles, responsibilities in the event of a threat or incident – and the metrics by which the success of any incident response will be measured.

Regular testing. The SOC team performs vulnerability assessments – comprehensive assessments that identify each resource’s vulnerability to potential threats, and the associated costs. It also conducts penetration tests that simulate specific attacks on one or more systems. The team remediates or fine-tunes applications, security policies, best practices and incident response plans based on the results of these tests.

Staying current. The SOC stays up to date on the latest security solutions and technologies, and on the latest threat intelligence – news and information about cyberattacks and the hackers who perpetrate them, gathered from social media, industry sources, and the dark web.

Monitoring, detection and response

Continuous, around-the-clock security monitoring. The SOC monitors the entire extended IT infrastructure – applications, servers, system software, computing devices, cloud workloads, the network – 24/7/365 for signs of known exploits and for any suspicious activity.

For many SOCs, the core monitoring, detection and response technology has been security information and event management, or SIEM. SIEM monitors and aggregates alerts and telemetry from software and hardware on the network in real time, and then analyzes the data to identify potential threats. More recently, some SOCs have also adopted extended detection and response (XDR) technology, which provides more detailed telemetry and monitoring, and the ability to automate incident detection and response.

Log management. Log management – the collection and analysis of log data generated by every network event – is a subset of monitoring that’s important enough to get its own paragraph. While most IT departments collect log data, it’s the analysis that establishes normal or baseline activity, and reveals anomalies that indicate suspicious activity. In fact, many hackers count on the fact that companies don’t always analyze log data, which can allow their viruses and malware to run undetected for weeks or even months on the victim’s systems. Most SIEM solutions include log management capability.

Threat detection. The SOC team sorts the signals from the noise – the indications of actual cyberthreats and hacker exploits from the false positives – and then triages the threats by severity. Modern SIEM solutions include artificial intelligence (AI) that automates these processes and ‘learns’ from the data to get better at spotting suspicious activity over time.
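The log management and threat detection paragraphs above describe the same pipeline a SIEM runs: collect log lines, establish a baseline of normal activity per host and source, flag what deviates, then separate real signals from known false positives and order by severity. The block below is an added example, not code from IBM or from the article; the sshd log lines, hostnames, users, IP addresses and the allow-list of benign sources are all constructed, and the failure threshold is an assumed tuning value.

```python
"""Baseline-and-anomaly detection over auth log lines, followed by severity triage.

Added example (not from the IBM text or the Nairametrics article). The log lines
are constructed for illustration; hosts, users, IPs and the allow-list are
placeholders, and the failure threshold is an assumed tuning value.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed telemetry: one syslog-style sshd line per authentication event.
SAMPLE_LOG = """\
Jan 10 08:00:01 web01 sshd[101]: Failed password for admin from 203.0.113.7 port 4001 ssh2
Jan 10 08:00:02 web01 sshd[102]: Failed password for root from 203.0.113.7 port 4002 ssh2
Jan 10 08:00:03 web01 sshd[103]: Failed password for admin from 203.0.113.7 port 4003 ssh2
Jan 10 08:00:04 web01 sshd[104]: Failed password for test from 203.0.113.7 port 4004 ssh2
Jan 10 08:00:05 web01 sshd[105]: Accepted password for admin from 203.0.113.7 port 4005 ssh2
Jan 10 08:01:00 db01 sshd[201]: Accepted publickey for deploy from 192.0.2.10 port 5001 ssh2
Jan 10 08:02:00 db01 sshd[202]: Failed password for deploy from 192.0.2.10 port 5002 ssh2
Jan 10 08:03:00 db01 sshd[203]: Accepted publickey for deploy from 192.0.2.10 port 5003 ssh2
Jan 10 08:04:00 app02 sshd[301]: Accepted publickey for backup from 192.0.2.50 port 6001 ssh2
Jan 10 08:05:00 app02 sshd[302]: Accepted publickey for backup from 192.0.2.50 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


@dataclass
class Event:
    ts: str
    host: str
    result: str
    method: str
    user: str
    src: str


def parse_log(text):
    """Collection step: keep the sshd lines the SOC cares about, skip everything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(**m.groupdict()))
    return events


def build_baseline(events):
    """Per-(host, source) counts of failed and accepted logins: the picture of activity."""
    baseline = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for e in events:
        key = (e.host, e.src)
        baseline[key]["failed" if e.result == "Failed" else "accepted"] += 1
    return dict(baseline)


def detect_anomalies(baseline, fail_threshold=3):
    """Flag sources whose failure count reaches the threshold. Failures followed by a
    success from the same source rank higher: a guessing attempt that may have worked."""
    findings = []
    for (host, src), c in baseline.items():
        if c["failed"] >= fail_threshold:
            severity = "high" if c["accepted"] > 0 else "medium"
            findings.append({"host": host, "src": src, "failed": c["failed"],
                             "accepted": c["accepted"], "severity": severity})
    return findings


# Constructed allow-list of sources the SOC has already verified as benign
# (for example a backup host whose retries would otherwise be false positives).
KNOWN_BENIGN = {"192.0.2.50"}


def triage(findings, severity_rank=("high", "medium", "low")):
    """Drop known-benign sources (false positives) and order the rest by severity."""
    queue = [f for f in findings if f["src"] not in KNOWN_BENIGN]
    return sorted(queue, key=lambda f: severity_rank.index(f["severity"]))


def run(text=SAMPLE_LOG, fail_threshold=3):
    """Whole pipeline: collect, baseline, detect, triage."""
    return triage(detect_anomalies(build_baseline(parse_log(text)), fail_threshold))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

On the constructed input the pipeline produces a single high-severity finding for web01: four failed logins from one source followed by an accepted password, which is exactly the pattern the text says goes unnoticed when logs are collected but never analysed. Lowering the threshold surfaces the db01 source as well, which shows why the threshold and the allow-list are tuning decisions the SOC owns rather than fixed constants.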

Incident response. In response to a threat or actual incident, the SOC moves to limit the damage. Actions can include:

• Root cause investigation, to determine the technical vulnerabilities that gave hackers access to the system, as well as other factors (such as bad password hygiene or poor enforcement of policies) that contributed to the incident

• Shutting down compromised endpoints or disconnecting them from the network

• Isolating compromised areas of the network or rerouting network traffic

• Pausing or stopping compromised applications or processes

• Deleting damaged or infected files

• Running antivirus or anti-malware software

• Decommissioning passwords for internal and external users.

Many XDR solutions enable SOCs to automate and accelerate these and other incident responses.

Recovery, refinement and compliance

Recovery and remediation. Once an incident is contained, the SOC eradicates the threat, then works to restore the impacted assets to their state before the incident (e.g. wiping, restoring and reconnecting disks, end-user devices and other endpoints; restoring network traffic; restarting applications and processes). In the event of a data breach or ransomware attack, recovery may also involve cutting over to backup systems, and resetting passwords and authentication credentials.

Post-mortem and refinement. To prevent a recurrence, the SOC uses any new intelligence gained from the incident to better address vulnerabilities, update processes and policies, choose new cybersecurity tools or revise the incident response plan. At a higher level, the SOC team may also try to determine whether the incident reveals a new or changing cybersecurity trend for which the team needs to prepare.

Compliance management. It’s the SOC’s job to ensure all applications, systems, and security tools and processes comply with data privacy regulations such as GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), PCI DSS (Payment Card Industry Data Security Standard), and HIPAA (Health Insurance Portability and Accountability Act). Following an incident, the SOC makes sure that users, regulators, law enforcement and other parties are notified in accordance with regulations, and that the required incident data is retained for evidence and auditing.

Key Security Operations Center (SOC) team members

(C) IBM
