Insights

Security Operations and Incident Response Team

Case Study Cybersecurity

A health and wellness company leverages our Cybersecurity approach to optimize resource productivity and improve security classification.    

SITUATION  

Our client set out to ensure their Security Operations Center and Security Incident Response Team in Minneapolis was both onshore and able to meet government requirements of operating 24x7. While a full time support team was needed for overnight and weekend coverage, our client was also faced with the challenge of maximizing productivity during the lower volume periods. The client desired:  

  • A fully operational unit that was appropriately managed, included tracking KPIs for the team, managed SLAs, and enabled training and personnel management  
  • A taxonomy of security incidents to categorize each event/incident properly and identify the best way to respond to similar incidents, creating organization-wide best practices.  

SOLUTION  

We constructed and presented a solution that focused on resource management and productivity. Our approach centered on building a team of highly skilled resources that could not only handle the 24x7 coverage, but would simultaneously develop a taxonomy of security incidents. The taxonomy enables best practices around KPIs, incident response quality and efficiency against SLAs. Our team brought expertise in security analysis, network administration, SIEM monitoring, Data Loss Prevention (Vontu), incident management, and HP Service Management (HPSM). Our team provided the client the following engagement deliverables:  

  • Boot Camp training to get the team rapidly up to speed and deployed in 3 days  
  • Establishment of baseline taxonomy KPIs 
  • Schedule control for 30 resources over 4 schedules to achieve 24/7 coverage  
  • Proactive and systematic performance management to keep team motivated and attrition rates down  

24 x 7 x 365 Security Operations Center

RESULT  

By identifying projects for team members to work on during lower volume periods, overall productivity of the team was maximized while meeting the 24x7 requirements. The client has also seen significant improvements in the quality of security and incident classification. The initial program was extended for a second year, based on its success. 

 

Click here to read this in Spanish.

Related Insights: Cybersecurity Healthcare Support Centers
You May Also Like
A hand reaching through a laptop holding a lock
Post-Breach Remediation and Risk Reduction​
Case Study Cybersecurity
abstract image with lock icons and lines connecting
Product Security and Vulnerability Management
Case Study Cybersecurity
hands holding a cell phone in front of a laptop with virtual banking icons
Mobile DevSecOps Platform
Case Study Product and Application Development