Seminar on Data Centers and Security Operations Centers (SOCs)

The implementation and deployment of an Information System often require acquiring IT infrastructure and installing it in a data center that ensures both its proper functioning and its security. That security rests on several axes: the environment (air conditioning, fire prevention, etc.), electrical power supply (backup, redundancy, etc.), and physical access control. Reaching a high level of security depends on both active and passive elements.

Several companies, as well as administrations and public organizations, have invested in setting up data centers, either to support digital transition and the development of their information systems or to consolidate their IT infrastructures and optimize their resources. The success or failure of these projects has required overcoming several challenges related to the choice of location, architecture, security, and/or service continuity.

Moreover, the particular attention given to securing these data centers and turning them into genuinely protected sites has often produced complex security devices and architectures that are difficult to manage and supervise. Faced with the rise in cyber-attacks and security incidents, companies, administrations, and public organizations are now compelled to equip themselves with dedicated structures and advanced capabilities for detecting and reacting to security incidents. These structures are designated by the acronym SOC (Security Operations Center, sometimes expanded as Security Operating Center).

The SOC's function is to collect and analyze events from the various components of the Information System, detect anomalies, and define the reaction to each alert. The SOC thus provides real-time monitoring of security events, a better understanding of threats, and reporting suited to analyzing the history, assessing the current situation, and above all improving the defensive perimeter of the Information System.

The optimal functioning of the SOC depends on the combination of qualified human resources, efficient technological tools, adapted processes, and established and involved governance.

Indeed, the effectiveness of the SOC essentially depends on humans because, beyond tools, it is the personnel dealing with an incident who must have good experience and in-depth technical knowledge. To achieve this, it is necessary to invest in the training of internal resources.

From a technological point of view, a SOC generally relies on a set of technical solutions that varies with the SOC's size and the scope to be supervised. The SOC's central platform is the Security Information and Event Management system (SIEM). It consolidates and correlates events from several components of the Information System, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Database Activity Monitoring (DAM), firewalls, and antivirus, to produce understandable and actionable information on the state of the supervised IS.

Furthermore, the SOC cannot be effective without well-designed, efficient processes that cover the range of possible incident scenarios and give guidelines for decision-making and for the appropriate intervention measures for each incident. The same applies to change-management mechanisms, so that processes can be updated quickly when improvement opportunities arise.
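To make "consolidate and correlate" concrete, here is an added example (not code from the seminar, DGSSI or maCERT) of the two core SIEM steps: normalizing events from heterogeneous sensors into one schema, then applying a correlation rule across them. The log formats, host names, IP addresses and the host-to-IP inventory are constructed for illustration, as is the rule: an IDS alert is only escalated when the firewall let the same flow through shortly before and the antivirus on the targeted host fired shortly after.

```python
"""Minimal SIEM-style normalization and correlation over constructed log lines.

Added example: the three log formats below are invented, not a vendor's.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

@dataclass
class Event:
    ts: datetime
    sensor: str                 # firewall | ids | antivirus
    action: str                 # allow | deny | alert | detect
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    detail: str = ""

# Constructed sample lines from three different sensors (assumed formats).
RAW_LOGS = [
    "2016-10-25T09:00:01 fw01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2016-10-25T09:00:03 ids01 ALERT sid=2008 msg='SMB exploit attempt' src=203.0.113.7 dst=10.0.0.5",
    "2016-10-25T09:02:10 av srv05 DETECTED threat=Trojan.Generic path=C:\\Windows\\Temp\\x.exe",
    "2016-10-25T11:30:00 fw01 DROP src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2016-10-25T11:30:02 ids01 ALERT sid=2010 msg='SSH brute force' src=198.51.100.9 dst=10.0.0.5",
    "this line is not in any known format",
]

# Asset inventory (assumed): the antivirus reports a host name, the network
# sensors report IPs, so the SIEM needs this mapping to join them.
IP_BY_HOST: Dict[str, str] = {"srv05": "10.0.0.5"}

FW_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<verdict>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+)")
IDS_RE = re.compile(r"^(?P<ts>\S+) \S+ ALERT .*?msg='(?P<msg>[^']*)' src=(?P<src>\S+) dst=(?P<dst>\S+)")
AV_RE = re.compile(r"^(?P<ts>\S+) av (?P<host>\S+) DETECTED threat=(?P<threat>\S+)")

def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def normalize(line: str) -> Optional[Event]:
    """Map one raw line onto the common Event schema; None if unrecognized."""
    m = FW_RE.match(line)
    if m:
        action = "allow" if m["verdict"] == "ACCEPT" else "deny"
        return Event(parse_ts(m["ts"]), "firewall", action, m["src"], m["dst"])
    m = IDS_RE.match(line)
    if m:
        return Event(parse_ts(m["ts"]), "ids", "alert", m["src"], m["dst"], m["msg"])
    m = AV_RE.match(line)
    if m:
        return Event(parse_ts(m["ts"]), "antivirus", "detect", None, IP_BY_HOST.get(m["host"]), m["threat"])
    return None  # a real SIEM counts these as parse failures; silently dropping them hides blind spots

def ingest(lines: List[str]) -> List[Event]:
    return [e for e in (normalize(l) for l in lines) if e is not None]

def correlate(events: List[Event],
              fw_window: timedelta = timedelta(seconds=60),
              av_window: timedelta = timedelta(minutes=10)) -> List[dict]:
    """Rule: IDS alert, preceded by a firewall ALLOW of the same flow within
    fw_window, and followed by an antivirus detection on the target host within
    av_window. Each condition alone is noise; together they indicate a likely
    successful intrusion."""
    alerts = []
    for ids in (e for e in events if e.sensor == "ids"):
        allowed = any(
            e.sensor == "firewall" and e.action == "allow"
            and e.src_ip == ids.src_ip and e.dst_ip == ids.dst_ip
            and timedelta(0) <= ids.ts - e.ts <= fw_window
            for e in events)
        av_hit = next((e for e in events
                       if e.sensor == "antivirus" and e.dst_ip == ids.dst_ip
                       and timedelta(0) <= e.ts - ids.ts <= av_window), None)
        if allowed and av_hit:
            alerts.append({"when": ids.ts, "src_ip": ids.src_ip, "host_ip": ids.dst_ip,
                           "ids_msg": ids.detail, "threat": av_hit.detail})
    return alerts

def run(lines: List[str] = RAW_LOGS) -> List[dict]:
    return correlate(ingest(lines))

if __name__ == "__main__":
    for a in run():
        print(f"ESCALATE {a['when']}: {a['src_ip']} -> {a['host_ip']} ({a['ids_msg']}; AV: {a['threat']})")
```

The second IDS alert (SSH brute force) is deliberately left unescalated: the firewall dropped that flow and no endpoint detection followed, which is exactly the kind of noise a correlation rule is meant to filter out so analysts spend their time on the first case.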

Finally, the successful implementation of a SOC requires involved governance, which will define the mission and scope of the assets to be supervised and be able to control and regulate the SOC's operation to avoid conflicts of interest.

In this context and in continuation of its awareness and training actions in cybersecurity, the General Directorate of Information Systems Security (DGSSI), in partnership with the National Institute of Posts and Telecommunications (INPT), is organizing a seminar on Data Centers and Security Operations Centers on October 25th and 26th, 2016, at the INPT headquarters in Rabat.

This seminar, which brings together Moroccan and foreign experts, is intended for Information Systems Security Officers (ISSOs) and IS administrators. Its objective is to present best practices and international standards for the implementation and operation of data centers, as well as the threats and vulnerabilities they face in an interconnected world. The seminar is also an opportunity to present the essential role of security operations centers in the optimal management of any organization's security infrastructure, through training delivered by the teams of the Center for Monitoring, Detection, and Response to Cyber Attacks (maCERT).


DGSSI 2024. All rights reserved.