042017-SOC Project Kick Off Meeting V 1 9
TECHNOLOGY DIVISION
OUTSOURCED SERVICES FOR SECURITY OPERATION CENTER (SOC) AND IMPLEMENTATION OF SECURITY SYSTEM/TOOLS SOLUTION
PROJECT Page 2
PROJECT BACKGROUND & OBJECTIVE
BNM issued a Managing Cyber Risk circular on 31st July 2015, requiring all banks to undertake
measures to mitigate cyber threats. One of the measures all banks are required to implement is a
Security Operation Center (SOC).
The absence of a SOC has been highlighted in IT's audit finding.
In this regard, we need to set up a SOC to monitor security events centrally, covering perimeter
protection, access breaches, unauthorized access and internal violations.
The objective is to set up outsourced SOC monitoring services for up to 25 devices for the first years and
provide managed security monitoring services for Bank Islam.
BNM also requires all banks to implement the minimum measures to mitigate cyber threats. To
comply with BNM's requirement, the following security systems/tools are required (but not limited to):
- Advanced Persistent Threat (APT) mitigation tools: required to mitigate advanced threats.
- Security device management tools: automated tools to review and monitor changes on security
devices.
- Distributed Denial of Service (DDoS) on-premise solution: provides protection from DDoS
attacks.
- Anti-Phishing services: a service subscription designed to detect and shut down phishing sites
which mimic the bank's website pages.
PROPOSED PROJECT ORGANIZATION CHART
Project Sponsor Member
Observer Zainal Azlan Zainudin Zainal Azlan Zainudin
Internal Audit - Mohamed Iran Yusmir Mohd Yousuf
Amran Mohd Ismail
Risk Management - Alina Sylvia
Jasliza Rejab
Compliance - Nik Azmir Project Director Azmi Samuri
Yusmir Mohd Yousuf
Quann Project Director
Programme Manager Project Management Office Yap Wei Hung
Mohd Tarmizie Mohd Shahidan Azlan Abdul Aziz
PROJECT SCOPE – SECURITY SYSTEMS/TOOLS
No Scope
2. Implementation of security systems/tools solutions
- Security Devices Management tool: deploy in Bank Islam DC to review and monitor changes on
security devices.
- Advanced Persistent Threat (APT) mitigation tool: deploy in Bank Islam DC to mitigate
advanced threats.
- Distributed Denial of Service (DDoS) on-premise mitigation solution: deploy in Bank Islam DC
to provide protection from DDoS attacks.
- Anti-Phishing Services: subscribe to a cloud service for anti-phishing.
HIGH LEVEL ARCHITECTURE
[Figure: high-level architecture diagram. Panels: BIMB Data Center; QUANN Security Operating Center (SOC) DC. Labels shown: IPS, Firewalls, OS, APP, DB, DDOS, APT, SDMT, Anti-Phishing, Event Collector, VPN (AES256bit), SIEM tools (Filter & Normalize, Enrich & Correlate), SOC Security Analyst 24x7x365. Legend: Security Tools, Security Logs.]
SOC Project
PROJECT SCOPE DETAILS (SOC)
No Type System Name Proposed type of events monitored No of Devices
PROJECT SCOPE DETAILS (SOC) - CONT
No Device System Name Proposed type of events monitored No of Devices
4. Rentas
- PRDRENTASDB01
- PRDRENTASDB02
- PRDRENTASAPP01
- PRDRENTASAPP02
5. Mobile Banking
- MOBILEAPPPRD
- MOBILEDBPRD
6. Ebanker
- CDBWEBPRD01
- PRDMSCAPP01
4 SWIFT SWIFTSVRPRD Audit trail and security events 1
Total No of Devices 25
HIGH LEVEL PROJECT TIMELINE (SOC)
Months: March, April, May, June, July
No. / Project Stage / Remark
1. Project Initialization & Planning
- Hardware Procurement
- Kick Off Meeting
- Information Gathering
4. Testing
- Traffic Analysis
- Fine Tuning
- UAT
5. Closure
- Documentations
- Administration Training
PROJECT TIMELINE (SOC)
PROJECT DELIVERABLES (SOC)
PROJECT MANAGEMENT APPROACH (SOC)
SERVICE LEVEL AGREEMENT (SOC)
Deliverables Frequency
SERVICE LEVEL AGREEMENT (SOC) - CONT
MONITORING & LOG ANALYSIS
Description Escalation time
High 10 min
Medium 30 min
Low Under Observation
Note:
Escalation time stated above is after “T”, where “T” is from the time the incident is detected at Bank Islam devices and analysis; analysis
will not take more than 4 hours.
INCIDENT RESOLUTION
Description Resolution Time
High 10 min after “T” where “T” is from the time the incident is detected at Bank Islam
devices and provide update every 15 min until incident closed
Medium 30 min after “T” where “T” is from the time the incident is detected at Bank Islam
devices and provide update every 15 min until incident closed
SERVICE LEVEL AGREEMENT Rebate (SOC)
SECURITY SYSTEMS/TOOLS
PROJECT
PROJECT SCOPE DETAILS (SECURITY SYSTEMS/TOOLS)
HIGH LEVEL PROJECT TIMELINE (SECURITY SYSTEMS/TOO
Months: March, April, May, June, July
No. / Project Stage / Remark
1. Project Initialization & Planning
- Hardware Procurement
- Kick Off Meeting
- Information Gathering
2. Implementation Preparation
- Bank Islam DC Readiness
3. Execution Implementation
- AlgoSec setup
- FireEye setup
- Radware setup
- LookingGlass setup
4. Testing
- Fine Tuning
- UAT
5. Closure
- Documentations
- Administration Training
PROJECT TIMELINE (SECURITY SYSTEMS/TOOLS)
PROJECT DELIVERABLES (SECURITY SYSTEMS/TOOLS)
PROJECT MANAGEMENT APPROACH (SECURITY SYSTEMS/TOOLS)
SERVICE LEVEL AGREEMENT (SECURITY SYSTEMS/TOOLS)
Deliverables Support and Maintenance