Security Operation Center with People-Process-Technologies
- Customer
- Central Bank of ARMENIA
- Project manager on the customer side
- Project timeline
- March, 2021 - December, 2023
- Project scope
- 30000 man-hours
- Goals
Project goals were:
- Establish fully functional Security Operations Center
- Establish CSIRT team with certified professionals
- Implement Cyber Range Training Platform
- Organize international cybersecurity conference
- Participate in different hackathons
- Project Results
Currently we have:
- A competent, young and enthusiastic team of 15+ people with diverse skills. Some of them are already certified; others will become certified by the end of this year.
- An implemented Cyber Range training platform, which is available not only to the Central Bank but to the public and private sectors as well.
- A new SOC with defined processes, proper technologies and tools
Another outstanding achievement worth noting is our newly formed team's participation in the Cyber Security Tournament organized by Rostelecom Solar. Among 40 competing teams, only five advanced to the finals, and our team secured a commendable third-place finish, narrowly missing the second-place spot to a highly competitive team by just a few points.
The uniqueness of the project
Worldwide, the cyber workforce shortfall is approximately 3 to 3.5 million people, according to different sources. In this regard, the most difficult challenge was to hire, train and form a team of cyber professionals.
- Used software
- Trellix solutions
- Special CSIRT training provided by Mandiant
- SimSpace: Cyber Range Platform
- Difficulty of implementation
- Cyber workforce shortfall
- Hiring challenges
- Acquiring technologies and hardware in the post-COVID-19 era, characterized by disruptions in supply chains
- Challenges of implementing and integrating with other, sometimes legacy, systems
- Project Description
The Central Bank of Armenia (CBA) plays a pivotal role in ensuring the robustness and security of Armenia's financial sector and critical financial market infrastructure. With a long-term vision to fortify the overall cyber resilience of this sector, the CBA must expediently and accurately evaluate its cyber risk profile, encompassing people, processes, and technology. It aims to devise a comprehensive roadmap for enhancements, both within the CBA itself and throughout the broader financial sector. This strategic plan involves the establishment of a Cyber Security Operations Center (SOC) and a Cyber Security Incident Response Team (CSIRT).
The most pressing and widespread issue in every market globally revolves around the acute shortage of adequately trained and qualified cybersecurity professionals who can efficiently operate and manage SOC and Incident Response teams. To address this challenge, the CBA is embarking on diverse training programs. In a groundbreaking initiative, the CBA is working towards the implementation of an on-premises cyber range training platform, designed to nurture a larger pool of cybersecurity talents. The primary goal is not limited to serving the CBA alone but extends to benefit the entire financial sector and the country as a whole.
Simultaneously, efforts are underway to establish a Cyber Defense Center. The underlying objective of the Cyber Defense Center Development service is to empower the CBA in more effectively managing its security processes and proactively addressing forthcoming cyber threats. This is achieved through the establishment of a Security Operations Center (SOC) to:
- Enhance Defense Posture: The SOC seeks to identify and rectify vulnerabilities in security monitoring and response capabilities, thus bolstering its capacity to ward off advanced cyber threats.
- Foster Consensus on Security Improvements: By sharing knowledge and prioritizing enhancements, the CBA endeavors to promote internal collaboration and communication, ensuring that security improvements are universally embraced.
- Mitigate the Impact of Security Incidents: The SOC's core purpose is to augment its capabilities in detecting and responding to security incidents, thereby minimizing cyber risks and safeguarding the financial sector.
Important: Further details are more specific and cannot be provided!
- Project geography
- This project is primarily focused on Armenia; however, it also brings additional benefits through collaboration with various FinCERTs
- Additional presentations:
- How to built SOC.pdf