III Security Operations
Management should design policies
and procedures to effectively manage security operations with the
Security operations involve a wide range of activities. Those
activities may be centralized in a security operations center,
distributed within the information security department and business
lines, or outsourced in whole or in part. Security operations
activities can include the following:
Management should establish defined processes and appropriate
governance to facilitate the performance of security operations.
Policies should address the timing and extent of the security
operations activities, reporting, escalation triggers, and response
actions. Many institutions use an issue tracking system to record
and manage requests and events. (An issue tracking system, also
called an ITS, trouble ticket system, ticketing management system,
support ticket system, request management system, or incident ticket
system, is a computer software package that manages and maintains
lists of security issues.) An issue
tracking system can be a source of evidence, contain a variety of
security information, and serve as a valuable tool to assist
management when taking actions to strengthen the information
Management should coordinate security operation activities with
the institution's lines of business and with third-party service
providers. Regardless of how extensive the coordination is, the
goal should be to maintain a sufficient security operation
capability across the entire environment.
Sufficient technology and staff should be available to support
continual incident detection and response activities. Some
institutions may rely on or supplement their activities with third
parties to gain the necessary scope and depth of coverage. Refer to
the IT Handbook's "Outsourcing Technology Services"
booklet for more information.