If you are an associate-level cybersecurity analyst who is working in security operation centers, this lesson evaluates SOC processes and services. By the end of the course, you will be able to: • Understand primary responsibilities of a SOC and its interactions with other departments within the organization.• Understand various services that a SOC provides throughout the incident response phases. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand SOC types, staffing considerations, and deployment models and their consumers. By the end of the course, you will be able to: • Describe various SOC types and staffing considerations. • Describe SOC deployment models and their corresponding consumer profiles. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you to understand about staff that work in SOC and their personnel roles and titles. Describe the necessary skills to work in a SOC. By the end of the course, you will be able to: • Describe the role of each SOC member in general and in the context of incidence response. Describe the skill set of each SOC member and their toolkit components. • Describe the interactions of SOC members with each other and external entities in the context of incidence response. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand the data collection and data analytics activities performed in a SOC. Identify tools for performing data collection and analysis activities and how they complement each other. By the end of the course, you will be able to: • Describe SOC relevant data and security event data. • Describe SOC tools and their features. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand the importance of using effective tools and developing a good relationship with external organizations. Describe the most important tools and software the SOC team uses to achieve this goal. By the end of the course, you will be able to: • Describe intelligence resources, regulatory agencies, and government industry organizations with which the SOC communicates. • Describe the policies, procedures, and governance rules to integrate with SOC procedures that define how it engages with users, HR, and legal in response to detected violations of procedures. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you explain the use of SOC metrics to measure the effectiveness of the SOC. By the end of the course, you will be able to: • Explain security data aggregation. • Explain Time to Detection (TTD) in context to network security. • Describe security controls detection effectiveness. • Describe SOC metrics. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand the use of a workflow management system and automation to improve the effectiveness of the SOC. By the end of the course, you will be able to: • Describe SOC WMS concepts. • Describe how a typical workflow management system is integrated within a SOC.• Describe SOC WMS integration. • Provide an example of SOC workflow automation. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.