SK-CERT performs security monitoring in the Security Operations Center (hereinafter referred to as the SOC) to gather information on cyber security incidents from different sources using specialized technical tools.
One task of the SOC is continuous security monitoring aimed at ensuring the security of operated systems. Monitoring includes receiving and sorting data and information from operated systems, as well as information on security incidents from the constituency's organisations and open sources. This information is then analysed in order to classify it and evaluate its relevance and potential impacts.
The SOC uses the latest technological solutions for detection, subsequent analysis and early countermeasures against cyber security incidents, and follows a comprehensive process model that takes into account international standards in cyber security management.
The SOC of SK-CERT has the latest hardware and software equipment for receiving and gathering information on security incidents affecting networks, servers, endpoints, databases, applications, web pages and other systems. Potential security incidents and anomalous activities are then thoroughly analysed, forensically processed and distributed to the SK-CERT constituency and all relevant parties.