This is the first complete guide to building, operating, and managing Security Operations Centers in any business or organizational environment. Two leading IT security experts review the characteristics, strengths, and weaknesses of each SOC model (including virtual SOCs) -- thereby helping you select the right strategic option for your organization. Next, they walk you through every phase required to establish and operate an effective SOC, including all significant people, process and technology issues. You'll also find complete configuration examples covering the open source, Cisco, and non-Cisco components most likely to be found in modern, fully operational SOCs.

Coverage includes:

- An up-to-date review of modern security operations and challenges, from information assurance and risk management to incident response
- How SOCs emerged and have evolved: what SOCs can do that other security approaches can't
- A New SOC Maturity Model: evaluating where you stand and where you need to go
- Planning your SOC: strategy, mission, functions, services, and more
- Designing infrastructure, facilities, networks, and physical security
- Comparing dedicated and virtualized SOC environments
- Collecting and analyzing security data
- Integrating vulnerability and risk management
- Organizing effective incident response teams, and measuring their performance
- Building out your SOC infrastructure: network, security, systems, storage, and collaboration
- Developing an SOC handbook your people can use (including a practical example)
- Best practice operations: maintenance, reviews, metrics, and continuous enhancement