Designing and building an effective security operation center requires security managers and leaders to fit capabilities to both an organization’s culture and business requirements. Learn the distinct functional areas that every SOC should have. These areas allow organizations to create an architecture for the high-level components of security operations: command center; network security monitoring functionality; threat intelligence; incident response; forensic analysis; and ongoing self-assessment of the attack surface of the organization. With these functional areas in place and aligned with the business, you will be better positioned to thwart modern, motivated threats to your information assets. Content is based on the new SANS MGT517 course entitled “Managing Security Operations: Detection, Response, and Intelligence.” The course covers the design, build, and operation of security operations centers with a deep dive into managing incident response.