Security operations center

From Wikipedia, the free encyclopedia

A security operations center (SOC) is a centralized unit that deals with security issues at both an organizational and a technical level. A SOC within a building or facility is a central location from which staff supervise the site using data-processing technology.[1] Typically, a SOC is equipped for access monitoring and for controlling lighting, alarms, and vehicle barriers.[2]


An information security operations center (ISOC) is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.

The United States government

The Transportation Security Administration (TSA) in the United States has implemented security operations centers at most airports with federalized security. The primary function of a TSA security operations center is to act as a communication hub for security personnel, law enforcement, airport personnel and the various other agencies involved in the daily operation of an airport. These SOCs are staffed 24 hours a day by SOC watch officers, who are trained in all aspects of airport and aviation security and are often required to work irregular shifts. Watch officers also ensure that TSA personnel follow proper protocol when handling airport security operations. The SOC is usually the first to be notified of incidents at the airport, such as the discovery of prohibited items or contraband, weapons, explosives and hazardous materials, as well as flight delays, unruly passengers, injuries, damaged equipment and other potential security threats. The SOC in turn relays all information about these incidents to TSA federal security directors, law enforcement and TSA headquarters.


A cloud security operations center (CloudSOC) may be set up to monitor cloud service use within an enterprise (keeping the shadow IT problem under control), or to parse and audit IT infrastructure and application logs with SIEM technologies and machine-data platforms (such as LogRhythm, Splunk, IBM QRadar, HP ArcSight, CYBERShark and Elastica) that raise alerts and provide details of suspicious activity.
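As an added illustration, not taken from this article or from any of the products named above, the following Python sketch shows the two kinds of check such a CloudSOC would run over its logs: a shadow-IT check that flags web traffic to cloud hosts outside a sanctioned list, and a correlation rule over authentication logs that flags a burst of failed logins from one source followed by a success. The log format, host names, IP addresses, user names and the sanctioned-host list are all constructed for this example.

```python
"""Minimal SIEM-style correlation over constructed log lines (added example).

Two detections a CloudSOC analyst might run:
  1. Shadow IT: outbound web traffic to SaaS hosts not on the sanctioned list.
  2. Brute force: at least `threshold` failed logins from one source IP inside
     `window`, followed by a success from the same IP (possible compromise).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs for this example; not real traffic.
PROXY_LOG = """\
2024-03-01T09:00:01Z src=10.1.2.3 user=alice host=mail.example-corp.com action=allow
2024-03-01T09:00:05Z src=10.1.2.3 user=alice host=files.unsanctioned-share.io action=allow
2024-03-01T09:01:10Z src=10.1.2.9 user=bob host=crm.approved-vendor.com action=allow
2024-03-01T09:02:00Z src=10.1.2.9 user=bob host=paste.random-bin.net action=allow
"""

AUTH_LOG = """\
2024-03-01T10:00:00Z src=203.0.113.5 user=carol result=fail
2024-03-01T10:00:01Z src=203.0.113.5 user=carol result=fail
2024-03-01T10:00:02Z src=203.0.113.5 user=carol result=fail
2024-03-01T10:00:03Z src=203.0.113.5 user=carol result=fail
2024-03-01T10:00:04Z src=203.0.113.5 user=carol result=fail
2024-03-01T10:00:09Z src=203.0.113.5 user=carol result=success
2024-03-01T10:05:00Z src=198.51.100.7 user=dave result=fail
2024-03-01T10:30:00Z src=198.51.100.7 user=dave result=success
"""

# Hypothetical allow-list of approved cloud services.
SANCTIONED_HOSTS = {"mail.example-corp.com", "crm.approved-vendor.com"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse 'TIMESTAMP key=value ...' into a dict; the timestamp is stored under 'ts'."""
    ts_str, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    event.update(KV_RE.findall(rest))
    return event


def parse_log(text):
    """Parse every non-empty line of a log into event dicts."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def shadow_it_alerts(events, sanctioned):
    """Return distinct (user, host) pairs for traffic to hosts outside the sanctioned set."""
    seen = set()
    alerts = []
    for e in events:
        key = (e["user"], e["host"])
        if e["host"] not in sanctioned and key not in seen:
            seen.add(key)
            alerts.append(key)
    return alerts


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=1)):
    """Flag a source IP that accumulates `threshold` failures inside `window` and then succeeds.

    A sliding window of failure timestamps is kept per source; a success only
    raises an alert if the window was still hot when it happened, so a single
    stale failure long before a success (dave, below) is not reported.
    """
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        src, ts = e["src"], e["ts"]
        failures[src] = [t for t in failures[src] if ts - t <= window]  # expire old failures
        if e["result"] == "fail":
            failures[src].append(ts)
        elif e["result"] == "success" and len(failures[src]) >= threshold:
            alerts.append({"src": src, "user": e["user"],
                           "failures": len(failures[src]), "ts": ts})
            failures[src].clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for a in shadow_it_alerts(parse_log(PROXY_LOG), SANCTIONED_HOSTS):
        print("SHADOW-IT", a)
    for a in brute_force_alerts(parse_log(AUTH_LOG)):
        print("BRUTE-FORCE", a)
```

On the constructed input this reports two unsanctioned hosts (one for alice, one for bob) and one brute-force alert for carol's source, while dave's lone failure 25 minutes before his success is correctly ignored because it has expired from the window. A production SIEM rule would add the obvious refinements this sketch omits, such as per-user as well as per-source counting and a reputation lookup on the source address.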

Other types and references

In addition, many other commonly used terms derive from the original "ISOC" title, including the following:

NSOC, Network Security Operations Center

ASOC, Advanced Security Operations Center

GSOC, Global Security Operations Center

vSOC, Virtual Security Operations Center

References

  1. ^ de Leon, Sixto O. (1976). Security: Defense Against Crime. Manila: National Book Store. p. 17. 
  2. ^ Nadel, Barbara A. (2004). Building Security: Handbook for Architectural Planning and Design. McGraw-Hill. p. 2.20. ISBN 978-0-07-141171-4.