🏢
SOC (Security Operations Center)
Security
Operational function responsible for continuous monitoring, detection, triage, and incident response.
Definition
A SOC combines people, processes, and tools (SIEM for log correlation, EDR for endpoint telemetry, written playbooks for consistent handling) to detect, triage, and respond to security events, either 24/7 or during defined operating hours.
In plain English
The team and tooling that watch an organization's systems for signs of attack, sort the alerts that come in into real problems and noise, and handle the confirmed incidents through to containment and cleanup.
Why this matters
Mature operations reduce dwell time (the interval between an attacker's initial foothold and its detection) and improve containment, which limits the scope of privacy-impacting incidents and the volume of personal data exposed before the intrusion is stopped.
Example
The SOC triages incoming SIEM and EDR alerts, suppresses documented false positives, escalates confirmed incidents to incident response, and coordinates remediation and, where personal data is affected, breach notification.
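The triage and escalation step described above, as an added example that is not part of the original glossary entry: a small Python routine that takes alerts as a SIEM or EDR might hand them to a tier-1 analyst, drops documented benign activity, correlates alerts per host within a time window, escalates clusters that cross a severity score or combine several distinct detections, and records the detection-side dwell time of each escalated cluster. The alerts, the suppression list, the severity scores, the thresholds, and the playbook names are all constructed for illustration and are not taken from any real SOC or product.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry): what a SIEM/EDR hands to tier-1 triage.
ALERTS = [
    {"id": 1, "ts": "2024-03-01T08:02:00", "host": "ws-017", "source": "EDR",
     "rule": "suspicious_powershell_encoded", "severity": "medium", "process_user": "j.doe"},
    {"id": 2, "ts": "2024-03-01T08:05:00", "host": "ws-017", "source": "SIEM",
     "rule": "new_scheduled_task", "severity": "low", "process_user": "j.doe"},
    {"id": 3, "ts": "2024-03-01T08:40:00", "host": "ws-017", "source": "EDR",
     "rule": "credential_dump_lsass", "severity": "high", "process_user": "SYSTEM"},
    {"id": 4, "ts": "2024-03-01T09:10:00", "host": "srv-db-02", "source": "SIEM",
     "rule": "failed_logins_burst", "severity": "low", "process_user": None},
    {"id": 5, "ts": "2024-03-01T09:12:00", "host": "ws-044", "source": "EDR",
     "rule": "suspicious_powershell_encoded", "severity": "medium", "process_user": "svc-backup"},
]

# Hypothetical tuning values: a real SOC derives these from its own alert history.
SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 7}
CORRELATION_WINDOW = timedelta(hours=1)   # alerts on one host within this window form one cluster
ESCALATE_SCORE = 7                        # a single "high" or several lesser alerts cross this
# (rule, user) pairs that are documented, approved activity; matching alerts are closed, not escalated.
SUPPRESSIONS = {("suspicious_powershell_encoded", "svc-backup")}


def parse_ts(s):
    return datetime.fromisoformat(s)


def suppressed(alert):
    """True when the alert matches a documented benign (rule, user) pair."""
    return (alert["rule"], alert.get("process_user")) in SUPPRESSIONS


def _decide(host, cluster, incidents, closed):
    """Escalate a per-host cluster to an incident or close its alerts with a reason."""
    score = sum(SEVERITY_SCORE[a["severity"]] for a in cluster)
    rules = sorted({a["rule"] for a in cluster})
    first, last = parse_ts(cluster[0]["ts"]), parse_ts(cluster[-1]["ts"])
    # Escalate on raw severity, or when two or more distinct detections land on the same
    # host in the window (several weak signals together are stronger than any one of them).
    if score >= ESCALATE_SCORE or len(rules) >= 2:
        incidents.append({
            "host": host,
            "alert_ids": [a["id"] for a in cluster],
            "rules": rules,
            "score": score,
            # Detection-side dwell time: first correlated alert to the alert that caused
            # escalation. The attacker may have been present before the first alert fired.
            "dwell_minutes": int((last - first).total_seconds() // 60),
            "playbook": "credential_theft" if "credential_dump_lsass" in rules else "host_compromise",
        })
    else:
        for a in cluster:
            closed.append((a["id"], f"below threshold (score {score})"))


def triage(alerts):
    """Return (incidents, closed): escalated clusters and (alert_id, reason) for closed alerts."""
    incidents, closed = [], []
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        if suppressed(a):
            closed.append((a["id"], "suppressed: documented benign activity"))
        else:
            by_host[a["host"]].append(a)
    for host, hits in by_host.items():
        cluster = []
        for a in hits:
            # Start a new cluster when this alert falls outside the window of the cluster's first alert.
            if cluster and parse_ts(a["ts"]) - parse_ts(cluster[0]["ts"]) > CORRELATION_WINDOW:
                _decide(host, cluster, incidents, closed)
                cluster = []
            cluster.append(a)
        if cluster:
            _decide(host, cluster, incidents, closed)
    return incidents, closed


if __name__ == "__main__":
    incidents, closed = triage(ALERTS)
    for inc in incidents:
        print(f"ESCALATE {inc['host']}: alerts {inc['alert_ids']} rules {inc['rules']} "
              f"score {inc['score']} dwell {inc['dwell_minutes']} min -> playbook {inc['playbook']}")
    for alert_id, reason in closed:
        print(f"CLOSE alert {alert_id}: {reason}")
```

On the constructed input, ws-017 escalates as one incident (encoded PowerShell, a new scheduled task, then an LSASS credential dump within 38 minutes), the lone burst of failed logins on srv-db-02 is closed below threshold, and the backup account's encoded PowerShell is closed as suppressed. The suppression list is the part that most needs discipline in practice: every entry should cite the ticket or change record that justifies it, and it should be reviewed when the underlying activity changes, or it quietly becomes a blind spot.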