MITRE Publishes 11 Strategies of a World-Class Cybersecurity Operations Center

New book guides security operations center operators in enhancing digital defenses
Graphical representation of a cyber network coming together in a single point.

McLean, Va., and Bedford, Mass., March 29, 2022—MITRE published 11 Strategies of a World-Class Cybersecurity Operations Center, a practical book for enhancing digital defense for security operations center (SOC) operators. Fully revised, this second edition from the original Strategies textbook published in 2014, includes new material and evolved thinking to bring a fresh approach to excelling at cybersecurity operations.

“Operating without commercial conflicts of interest, we’re working to arm a worldwide community of cyber defenders with vital information to thwart network intruders,” said Wen Masters, vice president, cyber technologies, MITRE. “We draw from a wealth of deep technical expertise at MITRE to address the ever-evolving challenges in cybersecurity. The authors of 11 Strategies of a World-Class Cybersecurity Operations Center bring forth the best principles and practices within MITRE to help the entire cyber ecosystem leverage up their defenses and operations.”

Authors Kathryn Knerler, department manager and senior principal cybersecurity architect, MITRE; Ingrid Parker, chief engineer, Homeland Security Enterprise Division, MITRE; and Carson Zimmerman, investigations team lead, M365, Microsoft, and formerly a cybersecurity engineer at MITRE, designed the book to appeal to a wide range of cyber professionals.

The book helps SOC managers, technical leads, engineers, and analysts looking to evolve their existing SOC or to build a new SOC, as well as students and IT professionals transitioning into cybersecurity operations. Readers will learn how to:

  • Understand the mission context in which the SOC operates.
  • Identify the right SOC structure and functions for their organization.
  • Hire and grow talented staff.
  • Instrument digital assets and fuse their data to speed workflow, maximize detection, and inform situational awareness.
  • Leverage cyber threat intelligence to operationalize threat-oriented defense, adversary emulation, hunting, and response.
  • Tell the SOC’s story through effective metrics and communications.

11 Strategies of a World-Class Cybersecurity Operations Center can be downloaded for free from MITRE.org/11Strategies. A 20-page summary of the book also is available. The e-book and print copies will be available later this spring from Amazon.com.

The authors detail 11 core strategies for operating a SOC to better enhance cyber defense:

  1. Know what you are protecting and why.
  2. Give the SOC the authority to do its job.
  3. Build a SOC structure to match your organizational needs.
  4. Hire and grow quality staff.
  5. Prioritize incident response.
  6. Illuminate adversaries with cyber threat intelligence.
  7. Select and collect the right data.
  8. Leverage tools to support analyst workflow.
  9. Communicate clearly, collaborate often, and share generously.
  10. Measure performance to improve performance.
  11. Turn up the volume by expanding SOC functionality.

11 Strategies of a World-Class Cybersecurity Operations Center is one of many MITRE resources available to the public to secure cyber systems. As part of its cybersecurity research in the public interest, MITRE has a long history of developing standards and tools used by the broad cybersecurity community, such as MITRE ATT&CK ®, CALDERA™, CAPEC™, D3FEND™, and MITRE Engage™. MITRE Engenuity’s Center for Threat-Informed Defense also brings those tools and research to private and public sector organizations to advance best practices in cybersecurity.

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through public-private partnerships and federally funded R&D centers, MITRE works across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

Media: Lisa Fasold, media@mitre.org