Command Centers
A command and control center is a secure facility that provides centralized monitoring, control and command of a situation. One of the benefits of a command and control center is that it brings together multiple disciplines, sectors, or actors in a crisis situation.
State and local government agencies use command and control centers to coordinate their responses to events such as hurricanes, floods, forest fires, terrorist attacks, or mass shootings. Oil, gas, and power companies need command and control centers from which to watch their resources, maintain safe operating conditions and respond to emergencies. Large private enterprises rely on an operations command center for all IT or network resources in order to keep an eye on the entire scope of their IT infrastructure.
The environment
The establishment of a control center requires careful planning: its physical security must be taken into consideration, and the layout of the operations center has to be carefully designed to be both comfortable and functional – lighting and acoustics issues must not be overlooked. A control center is expected to contain several areas, including an operational room, a “war room” and the supervisors’ offices. Comfort, visibility, efficiency and control are key terms in this scenario, and every single area must be designed accordingly.
The technology
Once the mission and the scope of the control center have been defined, its underpinning infrastructure must be designed; many components are necessary to build a complete technological environment: firewalls, IPSs/IDSs, breach detection solutions, video walls, video controllers, network racks, etc. Effective and efficient data collection is fundamental for a successful control center.
People and processes
While technical requirements are of the greatest importance, the most advanced and best-equipped control room would be worthless without people and procedures bringing it to life! Besides technology, people and processes are the pillars of a successful control center.
Security tools and technology components
A deeper analysis of the technology components supporting the control center cannot be separated from a strong emphasis on security; no detail of an in-depth security approach may be overlooked. Since the control center is a team, collaboration tools have to be carefully designed to give the members the best user experience available, which in turn gives the control center the best ability to produce value for the business; this goal must be accomplished while meeting all the security assurance requirements of a Security Operations Center. Mobile devices (and their security) are another aspect that cannot be neglected while designing and building a control center.
Methodology and intelligence
To improve the security posture of the organization, a control center must be both active and proactive while carrying out the Vulnerability Management process. Risk assessment and a sound approach to vulnerability handling are priorities for a control center. Furthermore, a context-aware threat intelligence approach has to be taken to deliver more value and to be more effective in detecting and preventing breaches and in containing damage.
“Safety and security don’t just happen, they are the result of collective consensus and public investment. We owe our children, the most vulnerable citizens in our society, a life free of violence and fear” – Nelson Mandela
Best Practices
A proactive approach to information and network system monitoring is crucial. If a network operations center team continuously tracks network activity, it can identify problems before they escalate.
The operations team must find ways to detect and resolve incidents as quickly and efficiently as possible. In the event that an outage occurs, the team must have processes, protocols, and procedures in place to address the issue and limit its impact. The operations team must also communicate with key stakeholders throughout an incident and ensure that they are kept up to date until the incident is resolved.
Incidents must be escalated, depending on their priority and severity. The operations team can use an incident management platform that allows team members to set up escalation groups and add on-call schedules for automatic escalations.
Incidents should be classified based on SLAs, their impact on stakeholders, and other criteria. With a classification system in place, the operations team can determine how incidents affect the enterprise and its stakeholders.
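The two practices above, classifying incidents and escalating them through on-call groups, can be expressed as a small triage routine. The example below is added here and is not code from any incident management platform; the impact/urgency priority matrix, the SLA targets and the escalation chain (noc-l1, noc-l2, duty-manager) are constructed values that a real NOC would replace with its own.

```python
from datetime import datetime, timedelta
from typing import Optional

# Constructed priority matrix: (impact, urgency) -> priority, each rated 1 (high) to 3 (low).
PRIORITY_MATRIX = {
    (1, 1): "P1", (1, 2): "P2", (2, 1): "P2",
    (1, 3): "P3", (2, 2): "P3", (3, 1): "P3",
    (2, 3): "P4", (3, 2): "P4", (3, 3): "P4",
}
# Constructed SLA targets per priority: minutes to acknowledge, minutes to resolve.
SLA_MINUTES = {"P1": (5, 60), "P2": (15, 240), "P3": (60, 1440), "P4": (240, 4320)}
# Constructed escalation chain of on-call groups; one hop per elapsed acknowledge window.
ESCALATION_GROUPS = ["noc-l1", "noc-l2", "duty-manager"]


def classify(impact: int, urgency: int) -> str:
    """Map impact and urgency (1 = high, 3 = low) to a priority label."""
    if not (1 <= impact <= 3 and 1 <= urgency <= 3):
        raise ValueError("impact and urgency must be 1, 2 or 3")
    return PRIORITY_MATRIX[(impact, urgency)]


def triage(impact: int, urgency: int, opened: str, now: str,
           acknowledged: Optional[str] = None, resolved: Optional[str] = None) -> dict:
    """Classify an incident, decide which on-call group owns it, and flag SLA breaches.

    Timestamps are ISO 8601 strings. Until acknowledged, the incident moves one group
    further down the escalation chain each time the acknowledge target elapses again.
    """
    priority = classify(impact, urgency)
    ack_target, resolve_target = (timedelta(minutes=m) for m in SLA_MINUTES[priority])
    t_open = datetime.fromisoformat(opened)
    t_now = datetime.fromisoformat(now)
    t_ack = datetime.fromisoformat(acknowledged) if acknowledged else None
    t_res = datetime.fromisoformat(resolved) if resolved else None
    waited_for_ack = (t_ack or t_now) - t_open
    hops = int(waited_for_ack // ack_target)  # full acknowledge windows elapsed so far
    owner = ESCALATION_GROUPS[min(hops, len(ESCALATION_GROUPS) - 1)]
    return {
        "priority": priority,
        "owner": owner,
        "ack_breached": waited_for_ack >= ack_target,
        "resolve_breached": ((t_res or t_now) - t_open) >= resolve_target,
    }


if __name__ == "__main__":
    # Constructed sample: a high-impact, high-urgency outage nobody has acknowledged after 12 minutes.
    print(triage(1, 1, "2024-05-01T10:00:00", "2024-05-01T10:12:00"))
```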
The operations team must retrieve performance data and evaluate it regularly. The team can use this information to produce reports and identify performance trends and patterns. It can also leverage data and reports to find ways to continually improve its performance.
Ensure that all incident response activities are documented and tracked. Operations team members must document when an incident occurs and every action taken to resolve it. They must also review incident reports to identify the team's strengths and weaknesses.
NOC systems should be tested regularly, with results of these tests tracked and evaluated. If any system issues are identified, they should be resolved immediately. NOC system testing can provide NOC team members with insights into potential availability and performance problems.