
Before your security technology team embarks on their next integration project, it’s important to determine the types of alarms that operations teams need to respond to. Today’s systems and devices can generate a large volume of alarm types, many of which create noise and provide no operational value to responding operators. Anyone who’s run an operations center knows how detrimental unnecessary, or false, alarms can be. In the worst-case scenario, real events are missed in the clutter. More commonly, response times increase as operators wade through the sea of alarms, impacting delivery and lowering morale.

HOW TO DETERMINE WHICH ALARMS ARE MOST IMPORTANT FOR THE SOC:

  • Alarm Types

Which alarms and events does the SOC need to know about?

  • Critical Points

What are the critical points within a building/area? Prioritize these points and alarm types for the SOC.

  • Schedule

When do they need to know about these alarms? Do they only need to know about these alarms at certain times of the day?

  • Compliance

Are there specific alarms or events that must be audited for compliance? Do all of the events require operator action or do they merely need to be logged?

  • Reporting

What reporting requirements does the SOC leadership have? This should focus on data that provides an operational view (not a system view) of the organization.

NEXT, CATEGORIZE THESE ALARMS

With this information in hand, the security technology teams can then simply categorize their alarms into 3 groups:

Alarms that—

  1. REQUIRE OPERATOR RESPONSE

Operators need to take action and respond to these alarms in real-time.

  2. ARE MASKED BUT LOGGED

Operators don’t need to take action, however, for reporting or compliance, these alarms need to be logged.

  3. CAN BE IGNORED

The SOC doesn’t need to be notified of the alarms for action or logging. System messages are a good example of these types of alarms.
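The questions above (alarm types, critical points, schedule, compliance) are exactly the inputs a routing rule needs, and the three groups are its outputs. The following is an added example, not code from the original post or from any vendor platform: a small Python triage function that takes a policy built from those answers and assigns each incoming alarm to one of the three groups. The alarm types, point names and schedule window are constructed for illustration.

```python
"""Route physical-security alarms into three operator groups.

Added illustration; the policy values, alarm types and point names are made up.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum


class Disposition(Enum):
    RESPOND = "require operator response"
    LOG_ONLY = "masked but logged"
    IGNORE = "can be ignored"


@dataclass(frozen=True)
class Alarm:
    alarm_type: str       # what the device reported, e.g. "door_forced"
    point: str            # the door/sensor that raised it (constructed names)
    timestamp: datetime   # when the panel raised it


@dataclass(frozen=True)
class TriagePolicy:
    """The answers to the alarm types / critical points / schedule / compliance questions."""
    response_types: frozenset     # always need an operator, whatever the point or time
    critical_points: frozenset    # any non-noise alarm here is escalated to response
    after_hours: tuple            # (start, end) local-time window, may cross midnight
    after_hours_types: frozenset  # need a response only inside that window
    compliance_types: frozenset   # must be written to the audit log even with no action
    noise_types: frozenset        # system chatter that is dropped entirely


def in_window(t: time, window: tuple) -> bool:
    """True if clock time t falls in (start, end); handles windows that cross midnight."""
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def triage(alarm: Alarm, policy: TriagePolicy) -> Disposition:
    """Apply the policy in priority order and return the alarm's group."""
    if alarm.alarm_type in policy.noise_types:
        return Disposition.IGNORE                       # system messages etc.
    if alarm.point in policy.critical_points:
        return Disposition.RESPOND                      # critical point beats schedule
    if alarm.alarm_type in policy.response_types:
        return Disposition.RESPOND
    if (alarm.alarm_type in policy.after_hours_types
            and in_window(alarm.timestamp.time(), policy.after_hours)):
        return Disposition.RESPOND                      # only matters out of hours
    if alarm.alarm_type in policy.compliance_types:
        return Disposition.LOG_ONLY
    # Anything not yet classified is logged, not dropped, so a new alarm type
    # from a newly integrated system cannot disappear silently.
    return Disposition.LOG_ONLY


def summarize(alarms, policy: TriagePolicy) -> dict:
    """Count how many alarms land in each group, e.g. to size operator workload."""
    counts = Counter(triage(a, policy).name for a in alarms)
    return {d.name: counts.get(d.name, 0) for d in Disposition}


# Constructed sample policy and alarm feed (not from any real site).
SAMPLE_POLICY = TriagePolicy(
    response_types=frozenset({"door_forced", "duress"}),
    critical_points=frozenset({"DATACENTER-DOOR-1"}),
    after_hours=(time(18, 0), time(7, 0)),
    after_hours_types=frozenset({"door_held", "motion"}),
    compliance_types=frozenset({"access_granted", "door_held"}),
    noise_types=frozenset({"system_message", "heartbeat"}),
)

SAMPLE_ALARMS = [
    Alarm("door_forced", "LOBBY-DOOR-2", datetime(2024, 1, 15, 10, 15)),
    Alarm("door_held", "LOBBY-DOOR-2", datetime(2024, 1, 15, 10, 20)),
    Alarm("door_held", "LOBBY-DOOR-2", datetime(2024, 1, 15, 23, 5)),
    Alarm("system_message", "DATACENTER-DOOR-1", datetime(2024, 1, 15, 3, 0)),
    Alarm("motion", "DATACENTER-DOOR-1", datetime(2024, 1, 15, 14, 0)),
    Alarm("tamper", "LOBBY-DOOR-2", datetime(2024, 1, 15, 14, 30)),
]

if __name__ == "__main__":
    for a in SAMPLE_ALARMS:
        print(f"{a.timestamp:%H:%M} {a.point:<18} {a.alarm_type:<15} -> {triage(a, SAMPLE_POLICY).value}")
    print(summarize(SAMPLE_ALARMS, SAMPLE_POLICY))
```

Two design choices worth noting: the rules are evaluated in a fixed priority order (noise, critical point, always-respond type, schedule, compliance), so a held door at a critical point is escalated regardless of the time of day, while the same alarm elsewhere is only escalated after hours and merely logged during the day; and an alarm type the policy has never seen defaults to "masked but logged" rather than "ignored", so an unclassified feed from a new integration is visible in reports until someone decides where it belongs.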

You’ve chosen your response platform, finalized your integration requirements, and mapped out alarm importance and how they are triaged—up next, scope your integration, while focusing on the user story. Read more about how to do that in our full whitepaper, Integrating Your Security Operation: A Roadmap For Connecting Technology to Deliver Optimum Operational Value. 
