Chapter 9 - Technical Operations


Technical operations security needs constant evaluation and evolution to safeguard enterprise assets in a digitalized era of increasing cybersecurity risk. Going forward, adoption of new technology and innovation will be crucial both for the competitiveness of the business and for more effective cyber risk management and mitigation. As a PwC survey observes, the benefits of innovation are evident: they are closing the wide lead that attackers have held for a long time. The shift of operations and security tools to cloud infrastructure, the move to advanced technologies, and the restructuring of operations through automation and rationalization are improving the cost efficiency and effectiveness of cyber operations throughout the enterprise. However, new innovation also carries risks, which can be detrimental if not properly accounted for. As organizations go through modernization and face increasingly sophisticated attacks such as the SolarWinds supply-chain compromise, they need to adopt strategies such as defense in depth for the proper management of their security programs and controls, so as to enhance not only operational effectiveness but also operational security.

Maintaining and investing in a centralized, robust technical security operations team focused on defense in depth will best position an organization to meet and address these accelerating threats. Having the program elements in place is the first step; equally important is maintaining the vigilance to keep coverage of every program element at the highest percentage possible. This coverage is key because threat actors will exploit gaps wherever they exist, regardless of whether those gaps expose high-risk assets.

With ownership of an organization's assets and of its defense-in-depth program elements defined, measurement of and adherence to the highest standards within those elements can best be achieved. With this in place, the cybersecurity roles and responsibilities of all other functions and staff come into focus, and requirements for collective effort from participants across the entire organization can be set.

Key Ideas
  • The demands on cybersecurity operations continue to grow as cyber-attacks increase in sophistication and speed.

  • Even firms with the highest budgets and the most sophisticated tools and techniques risk becoming the victims of cyber-attacks due to an inability to consistently execute across the constantly changing IT environments, including internal and third-party operations.

  • The defense-in-depth strategy provides multiple controls and techniques to protect data from malicious activity through the combination of prevention, detection, and response operations, as detailed in this chapter.

  • Technical Security Operations, including the Security Operations Center (SOC), is expanding its role at leading firms and can become the independent central execution hub for a firm's defense-in-depth strategy, thus ensuring the broadest possible coverage and execution of the firm's security strategy.

  • Advanced technologies such as AI and machine learning expand the ability to scale security programs to cover the intersection of cybersecurity and fraud, thus enhancing the effectiveness and efficiency of these efforts.
