June 06, 2016

Building a Global Security Operations Center (GSOC), versus outsourcing the activity to a third-party provider, can create substantial controversy around the conference room table. The best way to offset this is to frame the discussion by documenting key points. This provides the data necessary to move the process forward. Let's look at four major areas in defining the scope and aiding decision-making.

1. Assessing Internal Expertise

First, does the entity have the expertise and experience to effectively develop and manage the effort? Staffing considerations should include how the organization is currently positioned to recruit, select, train, and retain a sufficient level of staffing, not only to support 24/7 operations but also to surge its response to effectively address high-impact events. The selected approach should be based on locations, coverage needs, staff competencies and required availability. Internal or outsourced, effective management will require integration into the enterprise's plans, policies, procedural guidance and processes in order to develop the protocols necessary to coordinate, monitor and support operations.

2. Establishing Requirements

Centralizing incident response efforts can initially create challenges in managing disruptions. Determining the budget, scope and functional requirements your GSOC will need is essential to address these challenges. Establishing design criteria reveals components and system performance needs versus wants. If outsourcing, this provides the information needed to create the SOW in an RFP. When building your own, this aids in site selection and identifies the infrastructure specifications essential to support continuous operations. Whether you select an internal, outsourced, or hybrid approach, without a clear requirements document the collective effort is tantamount to engaging in a never-ending game of whack-a-mole.

3. Identifying the GSOC Lifecycle

Once your requirements have been identified and design specifications established, one of the most overlooked aspects in the decision-making process is understanding what is known as the Total Cost of Ownership (TCO) of the GSOC's equipment lifecycle. The decision focus tends to gravitate to equipment procurement and installation costs. However, in addition to supporting infrastructure maintenance (e.g. UPSs and generators), system components will need to be replaced at certain frequencies, parts may go out of production, or technical support may no longer be provided. Also unidentified or underestimated are the costs for ongoing training, drills, exercises, audits, and oversight to ensure regulatory, contractual, or other stakeholder expectations are met. These characteristics determine the TCO aspect of the GSOC decision.

4. Developing Supporting Documentation

Lastly, and most importantly, compile these into a document, with the courses of action available, that is easily absorbed by the entity's decision-maker(s). Review and ensure key elements have been identified, characterized, and analyzed to support executive decision-making. Where cost is the primary concern, providing a comparative analysis of internal, external, and hybrid approaches with high-level pros and cons can be a valuable aid. Additional content to consider includes: current day-to-day operations and limitations; real events and reasonable scenarios demonstrating the impact and consequences of moving forward with and without a GSOC; and key performance indicators to measure ROI.

In closing, it is recommended the entity select a qualified disinterested third party (e.g. no relation to manufacturers or integrators) to assist in reviewing design specifications, installation drawings, operational procedures, or to provide independent audits/reviews. This ensures the effort's usability, suitability and operational reliability. It also ensures alignment with established design standards and industry practices.