SOURCE: The MITRE Corporation

The MITRE Corporation

October 01, 2014 09:15 ET

New MITRE Book Outlines Ten Proven Strategies for Computer Network Defense

Best Practices Apply to Government, Industry, Academia and Nonprofit Sector

MCLEAN, VA--(Marketwired - October 01, 2014) - In his book published this week, Ten Strategies of a World-Class Cybersecurity Operations Center, Carson Zimmerman of The MITRE Corporation offers ten practical ways to strengthen computer network defense. The best practices are based on MITRE's accumulated experience supporting large-scale U.S. military and civilian cybersecurity operations centers (CSOCs) and take into account technology, people and process issues -- all three of which must be addressed for network defense to be effective. Ten Strategies is free and available as a pdf on

Zimmerman, a MITRE principal cybersecurity engineer with a decade of CSOC experience, describes key decision points for structuring a CSOC. He outlines how to:

  • Find the right size and structure for the CSOC team
  • Achieve effective placement within a larger organization that enables CSOC operations
  • Attract, retain and grow the right staff and skills
  • Prepare the CSOC team, technologies and processes for agile, threat-based response
  • Architect for large-scale data collection and analysis with a limited budget
  • Prioritize sensor placement and data feed choices across enterprise systems, enclaves, networks and perimeters

"Most CSOCs are set up and operate with a focus on technology, without adequately addressing people and process issues, which often get in the way of successful network defense," said Zimmerman. "The main premise of this book is that a more balanced approach would be more effective."

The book is written with federal government CSOCs (also known as security operations centers, or SOCs) in mind, including those within civilian agencies, the Department of Defense and the Intelligence Community. However, the tactical "how tos" will resonate with CSOC managers, technical leads, engineers and analysts, regardless of the SOC's size, capabilities or constituency served. And Zimmerman points out that the vast majority of the best practices described also apply to the commercial sector, nonprofits and academia.

Much has changed on the cybersecurity front since many related reference materials were published in the early- to mid-2000s -- the range of technologies a CSOC must work with has grown wider; the complexity of networks and networking technologies has increased; and CSOCs are asked to provide a wider portfolio of capabilities. Additionally, the impact of the sophisticated APT [advanced persistent threat] has come to the forefront. Zimmerman's guidance is written with all of these changes in mind.

"The SOC is vital to the information security program of any organization," said Gary Gagnon, MITRE senior vice president and chief security officer. "If it's not effective and agile, the organization leaves itself vulnerable to intrusion. We must evolve to an active, threat-based defense that balances mitigation with detection and response. The CSOC Carson describes so clearly and concisely in this book is at the heart of this strategy."

Zimmerman holds a master's degree in information systems from George Mason University and a bachelor's degree in computer engineering from Purdue University.

About The MITRE Corporation

The MITRE Corporation is a not-for-profit organization that operates research and development centers sponsored by the federal government. Our centers support our sponsors with scientific research and analysis, development and acquisition, and systems engineering and integration. MITRE has worked closely with government to strengthen our nation's cyber defenses for more than four decades. We work with our sponsors and industry partners to adopt effective new concepts and apply solutions in awareness, resiliency, and threat-based defense. Learn more at

Contact Information