WEBVTT

00:00.200 --> 00:03.350
Network security, best practices and guidelines.

00:03.380 --> 00:08.330
Network security does not just end when we implement security products or processes.

00:08.360 --> 00:15.770
A network is like a living and breathing organism that evolves with time but sometimes breaks down

00:15.770 --> 00:17.630
and needs maintenance.

00:17.870 --> 00:23.870
Apart from security issues, there are many common issues that can occur, including network connectivity

00:23.900 --> 00:29.870
issues, power outages, network crashes and black holes in routing.

00:30.380 --> 00:37.430
Typically, a security operations center, SOC, is something that is the center of security monitoring

00:37.430 --> 00:38.360
and operations.

00:38.360 --> 00:44.810
But at the same time, a network operations center can play a very important role in network resilience

00:44.810 --> 00:46.700
and optimal performance.

00:47.120 --> 00:52.340
In this section, we will take a look at some of the key attributes of the network operations center.

00:52.610 --> 00:59.330
A network operations center is a central entity for an organization's network monitoring and behavior.

00:59.420 --> 01:07.380
This encompasses technology and processes essential to actively managing and responding to networking

01:07.380 --> 01:08.850
related issues.

01:09.570 --> 01:17.130
A typical network operations center consists of engineers and analysts monitoring the network and ensuring

01:17.130 --> 01:22.110
smooth operation and ensuring network infrastructure uptime.

01:22.140 --> 01:30.030
This includes but is not limited to network device, server application and endpoint monitoring, hardware

01:30.030 --> 01:36.240
and software installation concerning network devices and network analysis and which is discovering and

01:36.240 --> 01:37.110
assessments.

01:37.140 --> 01:44.220
Network operations centers often encounter complex networking issues that might need troubleshooting and

01:44.220 --> 01:49.320
collaboration between different IT teams to investigate and resolve the issue.

01:49.680 --> 01:56.370
To increase the overall effectiveness of a network operations center, organizations focus on a few

01:56.370 --> 02:02.070
areas, as discussed in the next subsections. Proper incident management.

02:02.670 --> 02:08.820
This will include identifying an incident, investigating the root cause, resolving the incident and

02:08.820 --> 02:13.050
preventing its recurrence to avoid business disruption.

02:13.380 --> 02:19.770
For a more evolved look at the best practices for incident management, the organization should review

02:19.770 --> 02:26.310
and analyze their adherence to the ideal incident management framework.

02:26.340 --> 02:34.710
This includes prioritizing incidents based on their impact, accurately reflecting on the current status

02:34.710 --> 02:37.590
and documentation of all certificates.

02:39.230 --> 02:45.200
Implementing a streamlined process to ensure the effective handling of incidents that's in line

02:45.200 --> 02:47.420
with the organization's policy.

02:47.810 --> 02:52.490
Automating elementary manual iterative tasks and escalations.

02:54.110 --> 02:59.990
Implementing an effective communication mechanism for sharing real-time updates with the required

02:59.990 --> 03:01.160
stakeholders.

03:01.430 --> 03:07.310
Integrating third party applications such as ticketing systems, monitoring dashboards and knowledge

03:07.310 --> 03:13.610
base, threat intelligence and so on to make the analysts more empowered.

03:13.940 --> 03:20.380
Establishing key performance indicators and driving continuous improvement by reporting on them.

03:20.390 --> 03:27.590
This helps the organization continuously improve and innovate on its performance metrics and key deliverables

03:27.590 --> 03:34.180
such as higher performance quality, lower cost to serve, and mean time to resolve.

03:34.910 --> 03:41.600
An incident response team should consist of a hierarchical team structure where each level is accountable

03:41.600 --> 03:43.640
and responsible for certain activities.

03:43.640 --> 03:47.660
As you can see here, Tier one Analysts.

03:47.960 --> 03:54.520
Tier one analysts act as the first point of contact in the incident response process.

03:54.540 --> 04:00.120
They are responsible for recording, classification and first-line investigation.

04:01.020 --> 04:03.030
Tier two Analysts.

04:03.390 --> 04:11.610
Tier two analysts act as an escalation point for Tier one and also act as an SME for deeper investigation

04:11.610 --> 04:14.280
and creation of knowledge articles.

04:14.310 --> 04:19.770
They are also required to escalate major incidents to Tier three.

04:20.610 --> 04:22.530
Tier three Analysts.

04:22.980 --> 04:30.450
Tier three analysts act as an escalation point for Tier two and are responsible for restoring an impacted

04:30.450 --> 04:31.320
service.

04:31.710 --> 04:37.740
They escalate or resolve the incidents at a relevant vendor or team for resolution.

04:37.770 --> 04:42.090
They also act as a liaison between internal and vendor teams.

04:42.120 --> 04:44.400
Incident Coordinator.

04:44.550 --> 04:51.510
Incident Coordinator acts as the administrative authority, ensuring that the process is being followed

04:51.510 --> 04:53.970
and the quality is maintained.

04:54.150 --> 05:00.570
They are responsible for assigning an incident within a group, maintaining communication with the incident

05:00.570 --> 05:05.220
manager and providing trend analysis for iterative incidents.

05:05.850 --> 05:07.860
Incident Manager.

05:08.220 --> 05:13.950
Incident Manager manages the entire process until normal service is restored.

05:14.390 --> 05:20.900
They are primarily responsible for planning and coordinating activities such as monitoring, resolution

05:20.900 --> 05:22.160
and reporting.

05:22.340 --> 05:31.430
They act as a point for major escalations, monitor the workload and SLA adherence, conduct incident

05:31.430 --> 05:38.450
reviews, provide guidance to the team and ensure continuous improvement and process excellence.

05:38.660 --> 05:44.660
In some organisations there are other roles such as incident assignment group manager and incident

05:44.660 --> 05:50.600
process owner who is accountable for designing, maintaining and improving the process to ensure the

05:50.600 --> 05:54.230
efficiency and effectiveness of the service delivery.
