Summary
As you have seen in this chapter, cybersecurity operations is a very busy and active component of the overall cybersecurity program. Making sure this function operates as efficiently as possible allows for quicker response and resolution when incidents occur within the organization. Having some form of 24/7/365 operations in place within your cybersecurity program is no longer optional. This comes at a cost, and accomplishing it internally may not be realistic, but there are options such as outsourcing and engaging MSSPs who specialize in 24/7/365 operations. Because of the ongoing demand on the employees within this function, keep their wellness top of mind and make sure they are not being overworked and burnt out.
The first part of the chapter provided an overview of cybersecurity operations and the main components involved in completing the cybersecurity operations program. This included the SOC, threat detection, and incident...