Security and risk professionals develop and deliver solutions that protect enterprise systems, applications and data by establishing policies, practices and tools that prevent unauthorized access, use, disclosure, modification or disruption.

More Uses of the ArcSight Toolkit:

  • Be certain that your team uses specialty expertise, consultative solution selling and business development skills to align the client's business needs with the solution.
  • Utilize ArcSight, a network traffic packet analyzer, an intrusion detection system (IDS), and other tool sets to identify and investigate anomalies.
  • Ensure you amplify; lead and coordinate event collection, log management, event management, compliance automation, and identity monitoring activities.
  • Confirm your venture complies; conduct audits to ensure information systems security policies and procedures are implemented as defined in security plans and best practices.
  • Make sure that your team determines the lifecycle of security information and event management (SIEM) rules, reports, and dashboards to present actionable threats to Intrusion Analysts by refining existing rule logic.
  • Lead: identify new or develop existing data integration points to build a security data warehouse for the purpose of exploratory analytics.
  • Standardize: on a regular basis (recommended at least monthly), meet with the account team to review security status, review any risks, issues, incidents, outstanding activities, current and planned changes.
  • Support security information and event management (SIEM) solutions to perform analysis and reporting on data collected by the log management solutions implemented throughout the enterprise.
  • Develop a comprehensive SIEM and Security Analytics architecture to support real time security monitoring operations.
  • Ensure you consult; build new or develop existing event correlation, reporting and remediation capabilities based on advanced monitoring use cases, external threat intelligence, and known traffic patterns.
  • Confirm your planning complies; monitor and analyze Security Information and Event Management (SIEM) data to identify security issues for remediation.
  • Control: team and vendor management, monitoring and management of the use of resources supporting the security operations center.
  • Lead best practice knowledge and apply skills to deliver an effective solution specific to project needs.
  • Perform all source intelligence analysis to determine and report on characteristics of various systems/issues and other project/program objectives.
  • Establish that your organization complies; as it pertains to consultancy, management and focus vary greatly from account to account, as there are variable customer and contractual requirements.
  • Manage to perform analysis and reporting on data collected by the log management solutions implemented throughout the enterprise.
  • Warrant that your organization complies; conduct cyber analytical activities, evaluation of information/technical/physical security systems and practices, cyber investigations, and related duties.
  • Ensure you gain; lead and/or coordinate cloud security, privacy, and compliance considerations that address your customers' compliance and regulatory needs.
  • Oversee: review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event.
  • Troubleshoot and configure networking devices, various platforms, and databases; perform Windows and/or Unix system administration.
  • Identify: performance of threat management, threat modeling, identification of threat vectors and development of use cases for security monitoring.
  • Develop technical and operational views, reports, and summaries to provide leadership with a continuous, accurate, situational understanding and impact to mission and operational risk.
  • Follow the change management process and system development lifecycle process associated with various development models (Agile).
  • Make sure that your business complies; analysts should all be able to create custom content and develop new use cases to better correlate security event information.
  • Manage work on investigating, resolving, and/or escalating first-level security alerts to second-tier cybersecurity analysts.
  • Communicate the performance and health of the security program at regular intervals by participating in the development of standard update reports, scorecards, and trend summaries.
  • Audit: conduct pivoting analysis using threat intelligence to identify current threat activity and to proactively address related vulnerabilities.
  • Formulate: act as the liaison to business units to fulfill audit, regulatory compliance and/or corporate security policy requirements.
  • Provide a single point of contact to the account management and delivery teams for all operational security related activities for the customer account.
  • Lead SOC incident handler shifts, incident response engagements, threat intelligence analysis and threat hunting activities.
