Global Security Operation Center “GSOC” Best of Breed Opinion

Basic requirements for a best in class Global Security Operation Center.

CONSULTING AND INVESTIGATIONS DIVISION

The Consulting and Investigations (C&I) Division is part of one of the largest security companies in the United States. With a customer-centric approach that integrates risk management and enterprise security solutions, the company provides consulting and investigations expertise to long-standing customers in a variety of industries. The C&I Division supports customers through direct operating locations in the U.S., Canada, Central, Latin and South America, with local and global capabilities in more than 125 countries through dedicated resources. C&I services include due diligence, business intelligence, security/business continuity assessments, executive protection and transportation security, asset and intellectual property protection, and many other risk mitigation services that augment contract security services. For additional information regarding our full range of national security services, please call: 305.373.8488 or 800.452.1622.


Los Angeles • New York City • Chicago • Miami • Atlanta • Dallas • Montreal • Mexico City • Bogotá • Buenos Aires  


GSOC Best of Breed Opinion, February 2014. © 2014 Andrews International, L.L.C.

Global Security Operation Center “GSOC”: Best of Breed Opinion

This document highlights key requirements for the foundation of a best in class Global Security Operation Center (GSOC). A GSOC has diverse components and has to be extremely versatile, requiring synergistic coordination of many tools to work effectively. The key features described in this document offer a high level guide to achieve a comprehensive system for successfully building, maintaining, and running a GSOC.

Concept of Operations

Defining the charter or Concept of Operations (CONOPS), the role of the GSOC, is the first basic step of planning a GSOC, and should act as a compass for technology selections and deployments. Prioritizing the functions and expected deliverables will drive standards and requirements relating to GSOC tools and resource allocation.

Identifying and responding to risks is typically the central role of the GSOC, necessitating monitoring of a range of systems from facility security and life safety systems, to critical equipment and travel risk. Monitoring access control systems is often at the center of GSOC monitoring activities. Defining this as a priority means the GSOC must have the ability to receive and respond to alarms in the most effective way possible. Requirements become clear when establishing the tools necessary to meet these operational monitoring needs. Response times, capacity, and quality can all be improved when the right tools are in place, directly impacting costs and performance. To operate at optimal efficiency, access control systems must have robust integrations allowing for automation, converging data sources such as video, device mapping, and automated logic, into actionable intelligence. Identifying the global system configuration may reveal multiple access control systems, which require a more specialized Physical Security Information Management (PSIMS) tool to integrate and filter data into the GSOC.

System Standards and Technology Roadmap

During the deployment stage of the GSOC toolbox, the development of system standards and a technology roadmap has proven essential to successful program implementation and continuity. This ensures that as the system grows, it does so in an organized and sustainable way. Developing these standards requires enforcement, which often involves partnering with other organizations within the company during expansion projects. This can be critical. Having standards available to the GSOC and the global team clarifies goals and team and individual roles, sets expectations, enforces accountability and increases operational efficiency. This works best when standards are centralized and accessible through an online portal, or a SharePoint site.


Program Optimization

It’s important to understand when to make the investment in enterprise solutions, and when to find cost effective solutions that achieve the equivalent. For example: leveraging a virtual KVM switch and an industry standard commercial video card to manage a video wall, instead of a solution with a physical switcher, costly proprietary hardware and an expensive graphical user interface (GUI), may achieve the desired result with a more cost effective alternative design.

In other cases, strategic investment in additional resources may result in the best optimization of GSOC function. Establishing a priority for global threat monitoring, for example, might require tools that an organization such as iJET [1] provides, offering 24x7 tracking and analysis of potential threats as well as trusted crisis management and response tools. Visual Command Center by IDV Solutions [2], another example, provides the ability to visualize data while analyzing trends and finding patterns. By searching through historical data and pulling together external threat data and internal data such as company internal databases, the result is a convergence of valuable actionable intelligence from divergent sources, all linked into one cockpit view for the GSOC to analyze.

System Health

Maintaining the system is as important as building it. Ensuring a tracking system is in place enables a GSOC to score the system, identify problems, and establish a transparent system health level. The operational status of thousands of cameras can be determined by detecting whether they are online, provided they are programmed to do so in the IP digital video management system. Tracking access control activity through automated reports allows for data analysis to identify major inefficiencies in the system. This tracking could also identify building utilization and support cost control for HVAC, in a facilities maintenance/equipment monitoring use.

[1] iJET International, Inc. (iJET), an Annapolis, Maryland-based company, helps multinational organizations monitor, protect against, and respond to global threats. iJET is a long-standing alliance partner that works with the C&I Division to develop “best-of-breed” programs for integration and management of “next generation” Global Security Operations Center (GSOC).

[2] Visual Command Center software helps organizations achieve this mission by uniting data from external sources, enterprise systems, and internal devices into a real-time, common operating picture of risk and security. It provides organizations with a practical approach to managing risk—a consolidated view to identify, interrogate, and initiate action.


An effective global repair and maintenance program is required to ensure all of the GSOC resources and tools are working as expected. In the GSOC environment, devices will experience problems all over the world, so a strong partnership with a systems integrator is essential. Language barriers, regulatory requirements, cultural differences, local customs, and inconsistent installation can make this very challenging. Having comprehensive maintenance guidelines documented and available online for regional managers is important to ongoing success. Mapping maintenance processes is the crucial first step in developing a sustainable maintenance program. Once the detailed standards are established, effective project management followed by a thorough commissioning process must be maintained.

GSOC Resiliency

Ensuring 100% uptime is critical to a GSOC as it is a truly global helpdesk for safety and security. Having a “hot” redundant center or regional centers is recommended. The data also needs to be replicated, as many regional server models break up the data, which does not allow for enterprise-wide visibility from any one single GSOC. In trying to achieve this, systems do not always offer “hot-swap” server redundancy. If an enterprise’s IT department does not have a robust resiliency plan, EMC [3] has exceptional trusted tools that provide this solution.

Cyber-security and Intelligence

Our Nation’s critical infrastructures are composed of public and private institutions in a wide range of sectors that drive the economy and quality of life in our nation. The information highway has become the nervous system that controls our steady flow of commerce. A large portion, approximately 85%, of critical infrastructure is in the control of private hands. Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches and fiber optic cables. The health of cyberspace and the stability of individual enterprises’ information networks is essential to the financial well-being of the nation’s critical organizations.

While we face ever increasing complexity and dependence on these networks, we are exposed to a rapidly expanding and more aggressive and sophisticated risk landscape. A wide spectrum of multidimensional threats continues to grow and threaten information assets, with cyber-attacks for an equally wide spectrum of motivations.

[3] EMC is a global leader in enabling businesses and service providers to transform their operations and deliver information technology as a service (ITaaS). Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset — information — in a more agile, trusted and cost-efficient way.

A reactionary approach to these threats poses too great a risk to critical infrastructures. If cyber threats aren’t addressed until an attack occurs, unrecoverable loss can result. Just as it is no longer acceptable practice to stand back waiting for physical threats on our physical and human assets, it is the responsibility of enterprises to proactively prepare for cyber threats in order to protect their assets, personnel and customers.

Thorough and ongoing risk assessment analysis, the establishment of sound threat intelligence and counter-intelligence should be key objectives of the GSOC. Anticipating what may be coming around the corner or over the horizon best serves the enterprise in protecting all assets, be they informational, physical or personal in nature.

Conclusion

This is a high level guide, detailing the basic components required for planning a successful GSOC operation. Every GSOC charter differs in order to meet the needs of the company it serves, and so the specific tools required to meet those needs will also differ. The basic requirements outlined herein for setting up the processes and standards are consistent best practices demonstrated by the Pillars of Excellence below. For more information regarding solutions to your specific GSOC needs, contact:

William M. "Bill" Besse, CHS-V
Vice President, Consulting and Investigations
Andrews International
Dallas, Texas
214.254.3978 (T)
972.741.7532 (C)
[email protected]

D.C. Page
Senior Vice President, Consulting and Investigations
Andrews International
66 West Flagler Street, Suite 401
Miami, Florida 33130
305.373.8488
[email protected]


Pillars of Excellence

GSOC Components
• Establishing standards
• Having the right tools
• Technology roadmap
• Concept of Operations

System Health
• Identifying a health score/monitoring
• Automating reporting and tracking
• Global repair and maintenance process

Program Optimization
• Making the best out of the tools that you have
• Identify the investments needed
• Dedicated IT support

GSOC Resiliency
• BCP in place
• Establish redundant server architecture
• “Hot” tools to automate failovers

Cyber Security & Intelligence
• Counter-intelligence/defense
• Positive collection/protective Intelligence
• Dedicated Intel Analyst