Security Operations Center (SOC)
The Integrated Government Philippines (iGovPhil) Program is one of the components of the eGovernment Master Plan (EGMP), the government's blueprint for implementing the harmonization and integration of its information and communications technology (ICT) efforts.
To guarantee the reliability, effectiveness, and stability of the e-government initiatives defined by the EGMP, the iGovPhil Program will need to implement a strong security system that will secure the whole infrastructure. Because the iGovPhil Program is to cater to the whole of government, establishing the Security Operations Center (SOC) is necessary to maintain the security of all agency applications and systems lodged in the iGovPhil Program's infrastructure.
The SOC provides a centralized resource for the regular monitoring, vulnerability management, risk management, and escalation and resolution of IT security incidents affecting the whole iGov infrastructure. Measures such as hardening, security testing, and source code reviews are part of the SOC's activities.
Since 2015, the SOC has been conducting vulnerability management, log analysis/monitoring, network security monitoring, fine tuning, incident handling, security incident escalation, penetration testing, source code analysis, and application of rules and security policies, among others. These processes are made possible through the various security tools utilized by the SOC, which include an intrusion prevention and intrusion detection system (IPS/IDS), web vulnerability scanner, web application scanner, penetration testing tool, and a source code analysis tool.
The tools and equipment that have been acquired will be regularly upgraded to ensure that the SOC is able to deliver its services to the government agencies that have availed of the services under the iGovPhil Program. In addition to these tools and equipment, the SOC has also produced the corresponding documentation for said tools.
A service delivery lifecycle (SDLC) is to be implemented once the required human, hardware, and network resources and processes are set in place. The trained and competent manpower of the SOC will see to it that the SDLC is adhered to, and the implementation of at least three different network environments (development, staging, and production) is observed.