While blending cyber & physical security programs has its benefits, each has a very different mission focus and quite often a separate SOC entirely. The following are several best practices to consider before and after setting up a SOC.
Know Your Focus
A purposeful approach needs to first take into account the specific risks that the SOC will be assisting to mitigate. Identify your risks, incident history, and other relevant data or mandate to determine the primary focus and capabilities minimally required. Once the list of core competencies is flushed out it will be helpful to have when reviewing technology options, as well as operational procedures. While everyone wants a bottomless budget, it makes little sense to purchase the latest product designed to protect an asset your organization does not possess. Focus your design around what your program requires today and will need in the future.
Ergonomics is not a language…it is a critical element of functionality. We can all lose our focus when sitting at a desk for eight hours a day. But we need operators to be alert, engaged, and responsive around the clock. It’s important to make the investment in a quality work space and ergonomics up front in exchange for less maintenance, less operator fatigue, and increased productivity. In addition to a careful consideration and selection of things like furniture, lighting and line of site to video boards, operational rotations of personnel through a variety of desks (access control alarms, call center, administrative duties, etc.) responsibilities or other tasks that get them out of their chair every 2-4hrs can significantly increase staff engagement. Cycling operators out to patrol not only provides physical activity to re-energize interaction with staff at the facility which helps engagement.
Too Many Displays?
Limit the number of CCTV monitors displaying camera feeds on the video wall, as well as time spent monitoring them. Modern wisdom has unequivocally determined that our attention spans degrade significantly after 20 minutes of monitoring CCTV. With multiple views it’s highly unlikely that an incident or even pre-incident behavior will be discovered live. Cameras equipped with data analytics and a well devised and coordinated systems solution will divert an operator’s attention when needed. While random or scheduled video patrols can add value, the ability to review incident footage quickly on a big screen has always been the greater value.
Set the larger viewing screens for your high traffic areas and the smaller ones for lesser active areas if you are determined to display as many feeds as possible. Just remember that detection rates for just 1 monitor is only 85% and dips to 53% when expanded to 9 monitors. Other proactive tasks may be more beneficial for your program.
A difficult goal to realize, especially with legacy systems and/or limited budget, is system compatibility among electronic security systems. The value of a central nerve center is greatly diminished the less compatible your technology is and/or the longer it takes to compile data across multiple locations or countries. Disparate systems can cripple attempts to share information without open source or agnostic products. As system capabilities continue to evolve overnight, it’s generally best to avoid large closed proprietary system purchases unless absolutely committed to a brand.
Policies & Procedures
Develop well devised policies and procedures to compliment your SOC team. Just because this group may now have access to expensive new toys and technology, it doesn’t automatically lend itself to clear procedural policies or the most effective use. The systems may come close, but still won’t do the job for them. Once you’ve worked out the expectations and robust procedural documentation for all responsibilities, make sure it is consistently applied to all personnel and update them as needed for unique situations.
Communicate, Communicate, Communicate
Ensure that regular briefings across security and business stakeholders take place where expectations and interests can be shared. This may seem like a no-brainer, but often can be the cause of perceived or actual under-performance. If you are outsourcing or have proprietary SOC staffing, consider that your organization may be more difficult to navigate than you may believe. All contractors may not have been on copy from an email chain detailing the deliverables of a project or the business unit may never have articulated what they were. It’s important to ensure the SOC staff are plugged into the security and internal business customers or end users of their services and products. Not only do business objectives and geographical opportunities change frequently, you cannot assume that this information matriculates to all concerned parties. Regular all hands briefings or targeted sector dialogues not only keep everyone informed it promotes a collaborative and proactive environment.
SCIS provides licensed and certified security professionals for support of operations center for a number of highly regulated customers. Request more information about SCIS SOC capabilities.