Security Operation Center


The Security Operation Center (Incident Response Program) enables an agency to proactively monitor, detect and respond to computer incidents such as unauthorized system and network access, virus infections, etc. DNC Corp's proposed solution for implementing a proactive and effective program consists of the following:

  • Perform 24/7/365 network monitoring – review and analyze Intrusion Detection and Prevention System (IDS/IPS) sensor data.
  • Perform 24/7/365 log monitoring – review and analyze system security logs.
  • Perform network traffic analysis.
  • Perform threat monitoring – monitor industry resources and observe new technical developments, intruder activities and related trends to help identify threats to the Organization.
  • Conduct vulnerability handling – monitor industry resources for the latest hardware and software vulnerabilities, qualify threats, and develop mitigation strategies.
  • Perform and participate in the incident handling process: incident discovery, analysis and verification, incident tracking, containment and recovery, and incident response coordination and notification.
  • Perform malware and memory analysis.
  • Prepare IT Security Advisories and Security Information Bulletins.
  • Develop and document standard operating procedures (SOP) and compile reports.
  • Develop and implement custom enterprise IT security solutions for a wide array of issues.
  • Participate in vulnerability assessment and penetration testing.
  • Perform IT security research in support of IT security directives.


As a result of years of implementing incident management programs, DNC Corp has developed program modules tailored to ensure the best solution for its clients. Examples of these are:

  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information
  • Technical understanding of adversarial TTPs
  • Technical leadership for the coordination, assessment, evidence collection, analysis, communications, remediation, and reporting surrounding cyber incidents
  • Oversee efforts for post-incident remediation and recovery
  • Provide assessments, brief stakeholders on impact and mitigation planning, and disseminate cyber threat intelligence
  • Brief senior leadership and technical teams on the evolving threat landscape, lessons learned from intrusions, and incident response activities
  • Assess client’s capability in collecting, analyzing, escalating, and responding to cyber attacks and assist in maturing capability
  • Ensure strategic and tactical support for client sites throughout the country, in various time zones
  • Implement improvements to processes, methodologies, and agency communications
  • Perform preliminary forensic evaluations of internal systems, evaluating/deconstructing malware using different tools
  • Institute Incident Handling plans and guidelines
  • Develop executive/technical incident response reports and provide mitigation recommendations
  • Deploy cyber incident response tools
  • Provide prevention, intelligence, and response for emerging threats and computer security incidents
  • Develop and report on metrics to highlight achievements and support continuous improvement
  • Identify innovative techniques for strategic and tactical network defense