February 26, 2019
Why is the UofG Security Operations Centre so popular?
Ever since CCS established the SOC, or Security Operations Centre, it has been quite popular with campus groups, members of governance committees, groups from other universities, and even some companies. While we can arrange a tour for any interested group, this blog post functions as a small virtual tour: the photos in the carousel above are intended to give you a snapshot of our SOC.
Security Awareness
Security Awareness is a staple for the Information Security team. As you can see from the posters in Image 3: SOC Awareness [1], we work on regular physical awareness campaigns. Our posters are visible on bulletin boards, electronic advertising screens, the Ontarion, the Branion Plaza cube (especially around the Security Awareness Roadshow [2]), and even campus washrooms. Image 4: SOC Owl [3] shows Geoff, one of our beloved owls. Geoff or partner Huey can be used by groups to encourage co-workers to keep their workstations locked. The idea is “Owl be watching you.” Some of our other awareness activities include our courses on Courselink, internal phishing campaigns, and every conversation we have with the campus community.
Incident response and investigation
The daily work of the Information Security Team is centred around reports of incidents and investigating abnormal behavior that happens on the network. This is reflected in the data on the dashboards of the lower two screens of our video wall (Image 5: SOC Videowall [4]). We have software which collects ‘events’ (*) from many network devices, servers and services. We have programmed alerts and thresholds to sift through these and alert us to any unusual or suspicious events, and we have the tools to properly investigate these. The top left-most screen shows an international map which one of our team programmed to show all direct attacks to the UofG infrastructure. The top-left is a running news-feed for situational awareness, including an early alert to internet slow-down.
The team
A SOC room (Image 2: SOC Banner [5]) is nothing without a team of talented and dedicated staff. The screen capture of the security camera (Image 1: SOC Camera [6], courtesy of the UofG Campus Community Police) shows most of the SOC team and some visitors. Our daily task is to help members of the UofG community to feel secure when they use their computers, office and email tools, or surf the internet. Every day without a major incident counts as a small victory for us.
Written by: Gerrit Bos, Information Security Officer
(*) An event can be a login, a connection to wi-fi, browsing to a website, etc. We receive a fire hose of literally billions of events per month. Events can come from anywhere in the world. The clocks in Image 6: SOC Clocks [7] help us keep our time bearings.