There are many areas of cybersecurity today, but broadly speaking information security has two components: technological and regulatory. Note right away that the job title can vary (specialist, analyst, consultant, manager, engineer, and so on) whichever direction of professional development you choose; the title matters far less than the tasks actually performed.
Let's start with the regulatory component, often called compliance. It covers several directions: methodology, standardization and awareness. The tasks here are quite concrete: working with information security standards (ISO standards, federal laws, FSTEC orders, etc.), analysing the real state of affairs in the company, bringing existing documentation and infrastructure into conformity with the provisions of international and domestic standards, and interacting with colleagues from related IT departments.
Often all of the above is complemented by awareness tasks: developing methodological guides to raise employees' information security literacy, and training them directly. One of the main goals of this educational component is to popularize cybersecurity within the business: management must be convinced of its importance and necessity for the company, and information security should be established as a direction independent of the IT department.
The technological side of information security unites two camps: the red team and the blue team. The blue team is sometimes called defensive security and includes the security operations center (SOC), threat intelligence (TI), forensics and cyber intelligence.
A SOC is a cyber threat response center. Gartner chief analyst Sidhart Deshpande describes it as a combination of tooling and specialists whose work is aimed at preventing, detecting and eliminating information security threats and incidents. SOC analysts monitor and analyse incidents, investigate them, and design and build protection against attacks; they also work closely with compliance colleagues when regulators' requirements (FSTEC, Central Bank, FSB) have to be analysed and met.
The SOC is closely related to threat intelligence, which is the continuous collection and systematization of information about threats and its enrichment for the most effective use in defending against attacks. TI tasks are sometimes separated from the SOC direction. Working in TI means accumulating a knowledge base of incidents and of how they are detected and prevented. This knowledge can be systematized and applied very quickly to block attacks in a timely manner; specialists also publish such data on the portals of the relevant organizations and communities.
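To make the TI-to-SOC loop concrete, here is an added example (not code from the original article) of the two steps the paragraph describes: systematizing indicators from several feeds into one knowledge base, then enriching raw log lines with that knowledge so an analyst sees matches with their confidence, tags and sources. The feeds, indicator values, hostnames and log lines are all constructed for illustration (the IPs come from RFC 5737 documentation ranges); the defanged forms (hxxp://, [.]) mirror how published TI is usually shared.

```python
"""
Added example (not from the original article): a minimal threat intelligence
knowledge base plus the enrichment step that applies it to SOC log data.
Feeds, indicators and log lines below are constructed, not real.
"""
import re
from dataclasses import dataclass, field

# --- Constructed sample feeds (hypothetical indicators) -------------------
FEED_A = [
    {"type": "ipv4",   "value": "198.51.100.23",          "confidence": 70, "tag": "c2"},
    {"type": "domain", "value": "update-check[.]example", "confidence": 60, "tag": "phishing"},
    {"type": "sha256", "value": "A" * 64,                 "confidence": 90, "tag": "dropper"},
]
FEED_B = [
    {"type": "ipv4",   "value": "198.51.100.23",        "confidence": 85, "tag": "c2"},        # same IOC, higher confidence
    {"type": "domain", "value": "Update-Check.example", "confidence": 50, "tag": "phishing"},  # same IOC, different case
    {"type": "ipv4",   "value": "203.0.113.9",          "confidence": 40, "tag": "scanner"},
]


@dataclass
class Indicator:
    ioc_type: str
    value: str
    confidence: int
    tags: set = field(default_factory=set)
    sources: set = field(default_factory=set)


def refang(value: str) -> str:
    """Undo common 'defanging' used in published TI (hxxp://, [.], (.))."""
    return (value.replace("[.]", ".").replace("(.)", ".")
                 .replace("hxxp://", "http://").replace("hxxps://", "https://"))


def normalize(ioc_type: str, value: str) -> str:
    """Canonical form so the same IOC from two feeds collapses into one key."""
    value = refang(value.strip())
    return value.lower() if ioc_type in ("domain", "sha256") else value


def build_knowledge_base(feeds: dict) -> dict:
    """Merge several feeds into one index keyed by (type, normalized value)."""
    kb: dict = {}
    for source, entries in feeds.items():
        for e in entries:
            key = (e["type"], normalize(e["type"], e["value"]))
            ind = kb.setdefault(key, Indicator(e["type"], key[1], 0))
            ind.confidence = max(ind.confidence, e["confidence"])  # keep the strongest claim
            ind.tags.add(e["tag"])
            ind.sources.add(source)
    return kb


IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def extract_observables(line: str):
    """Yield (type, normalized value) pairs found in a raw log line."""
    for m in IPV4_RE.findall(line):
        yield "ipv4", m
    for m in SHA256_RE.findall(line):
        yield "sha256", m.lower()
    for m in DOMAIN_RE.findall(line):
        yield "domain", m.lower()


def enrich(lines, kb: dict, min_confidence: int = 50):
    """Return one record per log line that contains a known, credible IOC."""
    hits = []
    for line in lines:
        matched = [kb[key] for key in set(extract_observables(line)) if key in kb]
        matched = [i for i in matched if i.confidence >= min_confidence]  # drop low-confidence noise
        if matched:
            hits.append({
                "line": line,
                "indicators": sorted(i.value for i in matched),
                "max_confidence": max(i.confidence for i in matched),
                "tags": sorted(set().union(*(i.tags for i in matched))),
                "sources": sorted(set().union(*(i.sources for i in matched))),
            })
    return hits


# --- Constructed log lines (hypothetical hosts and timestamps) -------------
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z proxy allow 10.0.0.5 -> update-check.example:443",
    "2024-03-01T10:00:07Z fw deny 203.0.113.9 -> 10.0.0.8:22",
    "2024-03-01T10:00:09Z fw allow 10.0.0.5 -> 198.51.100.23:8443",
    "2024-03-01T10:00:11Z edr hash=" + "a" * 64 + " host=ws-17 action=create",
    "2024-03-01T10:00:12Z dns query 10.0.0.5 intranet.corp.example A",
]

if __name__ == "__main__":
    kb = build_knowledge_base({"feed_a": FEED_A, "feed_b": FEED_B})
    for hit in enrich(SAMPLE_LOGS, kb):
        print(hit["max_confidence"], hit["tags"], hit["sources"], "|", hit["line"])
```

Two design points worth noticing: normalization (refanging, lowercasing domains and hashes) is what lets the two feeds' copies of the same indicator merge into one record with the union of sources and the highest confidence, and the confidence threshold in enrich is what keeps a low-confidence "scanner" IP from generating an alert while a corroborated C2 address does.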