
Security Operation Center with People-Process-Technologies

Customer
Central Bank of ARMENIA
Project manager on the customer side
Komitas Stepanyan
IT&Cybersecurity Director
Project timeline
March, 2021 - December, 2023
Project scope
30000 man-hours
Goals
Project goals were:
  1. Establish fully functional Security Operations Center
  2. Establish CSIRT team with certified professionals
  3. Implement Cyber Range Training Platform
  4. Organize international cybersecurity conference
  5. Participate in different hackathons

Project Results
Currently we have:
  • Competent, young and enthusiastic team of 15+ people with diverse skills. Some of them are already certified; others will become certified by the end of this year.
  • Implemented Cyber Range training platform, which is available not only to the Central Bank but to the public and private sectors as well.
  • A new SOC with defined processes, proper technologies and tools
Yet another outstanding achievement worth noting is our newly formed team's participation in the Cyber Security Tournament organized by the company Rostelecom Solar. Among 40 competing teams, only five advanced to the finals, and our team secured a commendable third-place finish, narrowly missing the second-place spot to a highly competitive team by just a few points.

The uniqueness of the project

Worldwide, the cyber workforce shortfall is approximately 3 to 3.5 million people according to different sources. Against this backdrop, the most difficult challenge was to hire, train and form a team of cyber professionals.
We adopted a novel approach to identify and nurture young talents, primarily students. We provided them with guidance, enabling them to develop their skills, ultimately forging a dynamic and adaptable team. This endeavor received substantial reinforcement from seasoned team members and coaches.

Used software
  1. Trellix solutions
  2. Special CSIRT training provided by Mandiant
  3. SimSpace: Cyber Range Platform

Difficulty of implementation
  • Cyber workforce shortfall
  • Hiring challenges
  • Acquiring technologies and hardware in the post-COVID-19 era, characterized by disruptions in supply chains
  • Challenges implementing and integrating with other, sometimes legacy, systems

Project Description

The Central Bank of Armenia (CBA) plays a pivotal role in ensuring the robustness and security of Armenia's financial sector and critical financial market infrastructure. With a long-term vision to fortify the overall cyber resilience of this sector, the CBA must expediently and accurately evaluate its cyber risk profile, encompassing people, processes, and technology. It aims to devise a comprehensive roadmap for enhancements, both within the CBA itself and throughout the broader financial sector. This strategic plan involves the establishment of a Cyber Security Operations Center (SOC) and a Cyber Security Incident Response Team (CSIRT).

The most pressing and widespread issue in every market globally revolves around the acute shortage of adequately trained and qualified cybersecurity professionals who can efficiently operate and manage SOC and Incident Response teams. To address this challenge, the CBA is embarking on diverse training programs. In a groundbreaking initiative, the CBA is working towards the implementation of an on-premises cyber range training platform, designed to nurture a larger pool of cybersecurity talents. The primary goal is not limited to serving the CBA alone but extends to benefit the entire financial sector and the country as a whole.

Simultaneously, efforts are underway to establish a Cyber Defense Center. The underlying objective of the Cyber Defense Center Development service is to empower the CBA in more effectively managing its security processes and proactively addressing forthcoming cyber threats. This is achieved through the establishment of a Security Operations Center (SOC) to:

  • Enhance Defense Posture: The SOC seeks to identify and rectify vulnerabilities in security monitoring and response capabilities, thus bolstering its capacity to ward off advanced cyber threats.
  • Foster Consensus on Security Improvements: By sharing knowledge and prioritizing enhancements, the CBA endeavors to promote internal collaboration and communication, ensuring that security improvements are universally embraced.
  • Mitigate the Impact of Security Incidents: The SOC's core purpose is to augment its capabilities in detecting and responding to security incidents, thereby minimizing cyber risks and safeguarding the financial sector.
Important: Further details are more specific and cannot be provided!

Project geography
This project is primarily focused on Armenia; however, it also brings additional benefits through collaboration with various FinCERTs.
Additional presentations:
How to built SOC.pdf