Development of Security Operations Center Capabilities in a Public Cloud Environment: A Case Study of PT. XYZ
DOI: https://doi.org/10.33022/ijcs.v14i4.4945
Keywords: Information Security, Security Operations Center, Cloud Computing, SOC-CMM, NIST Cybersecurity Framework
Abstract
Cybersecurity has become a major challenge for financial institutions, including PT. XYZ. Although PT. XYZ has established a Security Operations Center (SOC) to safeguard its digital assets, the SOC team does not yet have adequate capability to monitor the organization's newly adopted public cloud environment. This gap increases the risk that cyberattacks targeting the cloud infrastructure go undetected. This study develops recommendations for enhancing SOC capabilities in PT. XYZ's public cloud environment using the Design Science Research (DSR) method. The initial SOC condition was analyzed through document review and observation. Capability gaps were identified through focus group discussions (FGD) guided by the SOC-CMM screening tool, and the NIST Cybersecurity Framework (CSF) was then used as the basis for defining target capabilities. The study produced 35 practical recommendations to improve the SOC team's capabilities, categorized by SOC-CMM domain.
License
Copyright (c) 2025 M Ryan Fadholi, Rizal Fathoni Aji

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.