Abstract

This study examines the Security Operations Center, which provides cybersecurity detection and analysis, rapid response, and prevention of cyber attacks. Security Operations Center technologies provide visibility and enable analysts to protect against attacks. The paper shows the algorithm for presenting the topic «Security Center» when teaching the discipline «Security of programs and data» at the Volodymyr Vynnychenko Central Ukrainian State Pedagogical University, namely the problems of implementing «Security information and event management» event monitoring systems, the types of operational centers, and methods of building internal security operations centers. Students form the following subject competencies: to classify, identify and protect information processing facilities from unauthorized access and computer viruses, and to develop individual access control and information protection systems. The paper shows the process of implementing Security information and event management systems at an enterprise, the main mechanisms of this system using a hierarchical model, the main tasks of the security operations center, the key parameters of the Security Operations Center (organizational model, performance of functions that go beyond the tasks, level of authority), and the basic rules of correlation. The commercial security operations center, SOC as a Service, is also considered; it is designed to help work with a huge amount of information and to provide real-time monitoring and response to attacks. During the laboratory classes, the students analyzed companies that provide security operations center services (Information Systems Security Partners, Octave Cybersecurity, Infopulse, Omega Security Service) and studied the factors that affect companies when choosing the type of Security Operations Center.

Key words: Security Operations Center, SIEM-systems, cybersecurity, SOC as a Service.
