{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T06:42:36Z","timestamp":1777704156010,"version":"3.51.4"},"reference-count":33,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2018,7,9]],"date-time":"2018-07-09T00:00:00Z","timestamp":1531094400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"published-print":{"date-parts":[[2018,10]]},"abstract":"<jats:p>At present new sophisticated attacks make organizations\u2019 IT infrastructure (ITI) break-in more professional and dangerously effective. All organizations must oppose this properly designed and centralized information security (IS) management systems. Learn from the past helps to avoid the consequences of serious IS incidents in the future. Therefore, IS management is necessary for rapidly detecting IS incidents, minimizing loss and destruction caused by then, mitigating the vulnerabilities exploited and restoring organizations\u2019 ITIs. This process can be implemented based on Security Operations Centers (SOCs) and Security Intelligence Centers (SICs) as their next evolution step. SOCs\u2019 main functions and serious limitations are defined. The SICs\u2019 concept and functioning are analyzed. The main areas of further research conclude the paper.<\/jats:p>","DOI":"10.3233\/jifs-169615","type":"journal-article","created":{"date-parts":[[2018,7,10]],"date-time":"2018-07-10T14:35:21Z","timestamp":1531233321000},"page":"2637-2647","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":6,"title":["Information security management in SOCs and SICs"],"prefix":"10.1177","volume":"35","author":[{"given":"Natalia","family":"Miloslavskaya","sequence":"first","affiliation":[{"name":"National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russia"}]}],"member":"179","published-online":{"date-parts":[[2018,7,9]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","unstructured":"MiloslavskayaN. Security operations centers for information security incident management In: Proceedings of the 4th International Conference \u201cFuture Internet of Things and Cloud\u201d (FiCloud 2016) (2006) Vienna Austria pp. 131\u2013138.","DOI":"10.1109\/FiCloud.2016.26"},{"key":"e_1_3_2_3_2","unstructured":"ISO\/IEC 27035-1:2016 Information technology \u2013 Security techniques \u2013 Information security incident management."},{"key":"e_1_3_2_4_2","unstructured":"ISO\/IEC 27001:2013\/Cor 2:2015 Information technology \u2013 Security techniques \u2013 Information security management systems\u2013 Requirements."},{"key":"e_1_3_2_5_2","author":"Cichonski P.","year":"2012","unstructured":"CichonskiP., MillarT., GranceT., ScarfoneK., NIST Special Publication 800-61 Rev 2: Computer Security Incident Handling Guide, 2012. Available on: http:\/\/nvlpubs.nist.gov\/nistpubs\/. Accessed 27 December 2017.","journal-title":"NIST Special Publication 800-61 Rev 2: Computer Security Incident Handling Guide"},{"key":"e_1_3_2_6_2","unstructured":"Accessed SpecialPublications\/NIST.SP.800-61r2.pdf. 27 December 2017."},{"key":"e_1_3_2_7_2","author":"Alberts C.","year":"2004","unstructured":"AlbertsC., DorofeeA., KillcreceG., RuefleR., ZajicekM., CMU\/SEI-2004-TR-015 \u00abDefining Incident Management Processes for CSIRT\u00bb, 2004.","journal-title":"CMU\/SEI-2004-TR-015 \u00abDefining Incident Management Processes for CSIRT\u00bb"},{"key":"e_1_3_2_8_2","volume-title":"Intrusion Detection","author":"Bace R.G.","year":"2000","unstructured":"BaceR.G., Intrusion Detection. Macmillan Technical Publishing, Indianapolis, 2000."},{"key":"e_1_3_2_9_2","volume-title":"Incident Response","author":"Van Wyk K.R.","year":"2001","unstructured":"Van WykK.R. and FornoR., Incident Response. O\u2019Reilly Media Inc., Sebastopol, 2001."},{"key":"e_1_3_2_10_2","volume-title":"Incident Response: A Strategic Guide to Handling System and Network Security Breaches","author":"Schultz E.E.","year":"2001","unstructured":"SchultzE.E., ShumwayR., Incident Response: A Strategic Guide to Handling System and Network Security Breaches. Sams Publishing, Indianapolis, 2001."},{"key":"e_1_3_2_11_2","first-page":"512","volume-title":"Network Intrusion Detection","author":"Northcutt S.","year":"2002","unstructured":"NorthcuttS., Network Intrusion Detection, 3rd edn.. New Riders Publishing, Indianapolis, 2002, 512 p.","edition":"3"},{"key":"e_1_3_2_12_2","volume-title":"Incident response and computer forensics","author":"Prosise C.","year":"2003","unstructured":"ProsiseC., MandiaK., PepeM., Incident response and computer forensics, 2nd edn. McGraw-Hill\/Osborne, New York2003.","edition":"2"},{"key":"e_1_3_2_13_2","volume-title":"The Tao of Network Security Monitoring: Beyond Intrusion Detection","author":"Bejtlich R.","year":"2005","unstructured":"BejtlichR., The Tao of Network Security Monitoring: Beyond Intrusion Detection. Pearson Education, Boston, 2005."},{"key":"e_1_3_2_14_2","volume-title":"Extrusion Detection: Security Monitoring for Internal Intrusions","author":"Bejtlich R.","year":"2005","unstructured":"BejtlichR., Extrusion Detection: Security Monitoring for Internal Intrusions. Addison-Wesley Professional, Boston, 2005."},{"key":"e_1_3_2_15_2","author":"Bidou R.","year":"2005","unstructured":"BidouR., Security Operation Center Concepts & Implementation, 2005. Available on: http:\/\/iv2-technologies.com\/\u223crbidou\/SOCConceptAndImplementation.pdf. Accessed 27 December 2005.","journal-title":"Security Operation Center Concepts & Implementation"},{"key":"e_1_3_2_16_2","volume-title":"Security Operations Center: Building, Operating, and Maintaining your SOC","year":"2015","unstructured":"Security Operations Center: Building, Operating, and Maintaining your SOC. Cisco Press, 2015."},{"key":"e_1_3_2_17_2","volume-title":"Security Monitoring","author":"Fry C.","year":"2009","unstructured":"FryC., NystromM., Security Monitoring. O\u2019Reilly, Cambridge, 2009."},{"key":"e_1_3_2_18_2","volume-title":"Applied Network Security Monitoring:Collection, Detection, and Analysis","author":"Sanders C.","year":"2013","unstructured":"SandersC., SmithJ., Applied Network Security Monitoring:Collection, Detection, and Analysis. Syngress, Boston, 2013."},{"key":"e_1_3_2_19_2","volume-title":"Practice of Network Security Monitoring","author":"Bejtlich R.","year":"2013","unstructured":"BejtlichR., Practice of Network Security Monitoring. No Starch Press, San Francisco, 2013."},{"key":"e_1_3_2_20_2","unstructured":"Security Operations Center. Available on: http:\/\/resources.infosecinstitute.com\/security-operations-center\/. Accessed 27 December 2017."},{"key":"e_1_3_2_21_2","volume-title":"Security Operations Centers \u2014 helping you get ahead of cybercrime","year":"2014","unstructured":"Insights on governance, risk and compliance. Security Operations Centers \u2014 helping you get ahead of cybercrime. EYGM Limited, 2014."},{"key":"e_1_3_2_22_2","unstructured":"BurnhamJ.What Is Security Intelligence and Why Does It Matter Today?https:\/\/securityintelligence.com\/what-is-security-intelligence-and-why-does-it-matter-today\/. Accessed 27 December 2017."},{"key":"e_1_3_2_23_2","article-title":"Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains","author":"Hutchins E.M.","year":"2013","unstructured":"HutchinsE.M., CloppertyM.J. and AminR.M., Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation, 2013.","journal-title":"Lockheed Martin Corporation"},{"key":"e_1_3_2_24_2","unstructured":"Threat Intelligence Platforms. Threat Connect Inc. 2015 Available on: http:\/\/www.informationweek.com\/whitepaper\/. Accessed 27 December 2017."},{"key":"e_1_3_2_25_2","unstructured":"Security Intelligence. Prevent fraud. Achieve compliance. Preserve security. https:\/\/www.sas.com\/en_us\/software\/fraud-security-intelligence.html. Accessed 27 December 2017."},{"key":"e_1_3_2_26_2","unstructured":"SOC vs. SIC: The Difference of an Intelligence Driven Defense\u00ae Solution. A White Paper Presented by: Lockheed Martin Corporation 2015."},{"key":"e_1_3_2_27_2","first-page":"364","volume-title":"Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing","author":"Miloslavskaya N.","unstructured":"MiloslavskayaN., SOC- and SIC-Based Information Security Monitoring. In: Rocha\u00c1., CorreiaA., AdeliH., ReisL., CostanzoS. (eds) Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing, Vol. 570 pp. 364\u2013374. Springer, Cham."},{"key":"e_1_3_2_28_2","first-page":"3","article-title":"From data to wisdom","volume":"16","author":"Ackoff R.L.","year":"1989","unstructured":"AckoffR.L., From data to wisdom, Journal of Applies Systems Analysis16 (1989), 3\u20139.","journal-title":"Journal of Applies Systems Analysis"},{"key":"e_1_3_2_29_2","author":"IBM Corporation","unstructured":"IBM Corporation. IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager. 2, Available on: http:\/\/www.redbooks.ibm.com\/abstracts\/sg247530.html?Open. Accessed 27 December 2017.","journal-title":"IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager"},{"key":"e_1_3_2_30_2","first-page":"361","volume-title":"Proceedings of 2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014)","author":"Miloslavskaya N.","unstructured":"MiloslavskayaN., SenatorovM., TolstoyA., ZapechnikovS.Information security maintenance issues for big security-related data. In: Proceedings of 2014 International Conference on Future Internet of Things and Cloud (FiCloud 2014)International Symosium on Big Data Research and Innovation (BigR&I-2014), Barcelona, Spain, pp. 361\u2013366."},{"key":"e_1_3_2_31_2","first-page":"41","article-title":"The next generation of SIEM can be found in security analytics","author":"Hamilton M.","year":"2014","unstructured":"HamiltonM., The next generation of SIEM can be found in security analytics. Cyber Defense Magazine, March 2014, pp. 41\u201343.","journal-title":"Cyber Defense Magazine"},{"key":"e_1_3_2_32_2","unstructured":"Network operations center (NOC). Available on: http:\/\/searchnetworking.techtarget.com\/definition\/network-operations-center Accessed 27 December 2017."},{"key":"e_1_3_2_33_2","unstructured":"What Is a Network Operations Center (NOC)? Available on: http:\/\/www.continuum.net\/msp-resources\/mspedia\/what-is-a-network-operations-center-noc Accessed 27 December 2017."},{"key":"e_1_3_2_34_2","unstructured":"PDCA (plan-do-check-act). Available on: http:\/\/whatis.techtarget.com\/definition\/PDCA-plan-do-checkact. Accessed 27 December 2017."}],"container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169615","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-169615","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169615","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:40:36Z","timestamp":1777455636000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-169615"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,9]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,10]]}},"alternative-id":["10.3233\/JIFS-169615"],"URL":"https:\/\/doi.org\/10.3233\/jifs-169615","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,9]]}}}