This five-day intensive training program is designed to equip IT professionals within the “Supreme Judiciary Council” with the knowledge and practical skills required to operate, manage and enhance a modern Security Operations Centre (SOC). The course balances strategic concepts, operational processes and hands-on methodologies, focusing on protecting sensitive judicial information, court systems and national digital assets from evolving cyber threats.
The program progresses from SOC foundations and the current threat landscape to advanced monitoring, incident response, digital forensics and governance. Emphasis is placed on real-world use cases, international best practices (NIST, ISO 27001, MITRE ATT&CK) and alignment with public-sector and judicial requirements.
By the end of the program, participants will be capable of contributing effectively to SOC operations, decision-making and continuous improvement.
COURSE OBJECTIVES
- Understand the role and strategic value of a SOC within judicial and government institutions.
- Identify modern cyber threats targeting courts, legal systems and sensitive data.
- Develop skills in security monitoring, log analysis and threat detection.
- Apply structured incident response and escalation procedures.
- Integrate threat intelligence into SOC operations.
- Support digital forensics and evidence preservation processes.
- Align SOC operations with governance, compliance and national cybersecurity frameworks.
TARGET AUDIENCE
- IT Security Engineers and Analysts.
- Network and System Administrators.
- Cybersecurity Officers and SOC Team Members.
- IT Governance, Risk and Compliance Staff.
- Technical Managers responsible for security operations.
DAY 1: Foundations of SOC & Cyber Threat Landscape
- Role and Functions of a Security Operations Centre.
- SOC Operating Models (In-House, Outsourced, Hybrid).
- Cyber Threat Landscape for Government and Judiciary.
- Types of Threat Actors (Cybercrime, APTs, Insider Threats).
- SOC Roles, Skills and Maturity Models.
DAY 2: Security Monitoring, Detection & SIEM Operations
- Log Management and Security Event Sources.
- SIEM Architecture and Use Cases.
- Correlation Rules and Alert Tuning.
- MITRE ATT&CK Framework for Threat Detection.
- Reducing False Positives and Alert Fatigue.
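As an added illustration of the Day 2 topics (correlation rules, alert tuning and false-positive reduction), not part of the course materials themselves: a small Python correlation rule run over constructed authentication log lines. It flags a burst of failed logins from one source followed by a successful login (MITRE ATT&CK T1110 Brute Force leading to T1078 Valid Accounts), then shows how raising the threshold and allowlisting a documented vulnerability scanner removes a false positive. Host names, user names, IP addresses and the scanner address are invented for this example.

```python
"""
Added example: a SIEM-style correlation rule with tuning.
Log lines, hosts, users and IP addresses below are constructed for the
example; the log format is sshd-like but not taken from any real system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: a brute-force attempt (203.0.113.7), a known
# internal vulnerability scanner (10.10.5.20) and a user who mistyped once.
SAMPLE_LOGS = """\
2024-03-04T09:00:01 court-app01 sshd: Failed password for clerk1 from 203.0.113.7
2024-03-04T09:00:03 court-app01 sshd: Failed password for clerk1 from 203.0.113.7
2024-03-04T09:00:05 court-app01 sshd: Failed password for clerk1 from 203.0.113.7
2024-03-04T09:00:08 court-app01 sshd: Failed password for clerk1 from 203.0.113.7
2024-03-04T09:00:10 court-app01 sshd: Failed password for clerk1 from 203.0.113.7
2024-03-04T09:00:12 court-app01 sshd: Accepted password for clerk1 from 203.0.113.7
2024-03-04T09:05:00 court-app01 sshd: Failed password for admin from 10.10.5.20
2024-03-04T09:05:01 court-app01 sshd: Failed password for root from 10.10.5.20
2024-03-04T09:05:02 court-app01 sshd: Failed password for test from 10.10.5.20
2024-03-04T09:05:03 court-app01 sshd: Failed password for guest from 10.10.5.20
2024-03-04T09:05:09 court-app01 sshd: Accepted password for svc_scan from 10.10.5.20
2024-03-04T09:30:00 court-app01 sshd: Failed password for judge_a from 198.51.100.9
2024-03-04T09:30:40 court-app01 sshd: Accepted password for judge_a from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate(events, threshold, window=timedelta(seconds=60), allowlist=frozenset()):
    """Alert when a source produces >= threshold failures within `window`
    and then logs in successfully. Sources in `allowlist` are ignored."""
    failures = defaultdict(list)  # src -> timestamps of failed logins
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if src in allowlist:
            continue
        if ev["outcome"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        # Successful login: count the failures in the lookback window.
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "time": ev["ts"].isoformat(), "host": ev["host"], "src": src,
                "user": ev["user"], "failures": len(recent),
                "technique": "T1110 Brute Force -> T1078 Valid Accounts",
            })
        failures[src].clear()  # a success closes the attempt sequence
    return alerts


def untuned_alerts():
    """Naive rule: low threshold, no allowlist. Also fires on the scanner."""
    return correlate(parse(SAMPLE_LOGS), threshold=3)


def tuned_alerts():
    """Tuned rule: documented scanner excluded, threshold raised to 5."""
    return correlate(parse(SAMPLE_LOGS), threshold=5, allowlist=frozenset({"10.10.5.20"}))


if __name__ == "__main__":
    for label, alerts in (("untuned", untuned_alerts()), ("tuned", tuned_alerts())):
        print(f"{label}: {len(alerts)} alert(s)")
        for a in alerts:
            print("  ", a)
```

The tuning step is deliberately two-sided: the allowlist removes a source whose behaviour is understood and documented (and should be reviewed whenever the scanner's address or scope changes), while the threshold is raised only as far as the real attack still fires. The single mistyped password from judge_a never alerts under either configuration, which is the behaviour an analyst wants from this rule.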
DAY 3: Incident Response & SOC Workflows
- Incident Response Lifecycle.
- Incident Classification and Severity Levels.
- SOC Playbooks and Standard Operating Procedures (SOPs).
- Coordination with Legal, HR and Management.
- Communication and Reporting During Cyber Incidents.
DAY 4: Threat Intelligence & Digital Forensics
- Cyber Threat Intelligence (CTI) Sources and Feeds.
- Integrating CTI into SOC Operations.
- Basics of Digital Forensics for SOC Analysts.
- Evidence Handling and Chain of Custody.
- Supporting Legal and Judicial Investigations.
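As an added illustration of the Day 4 topics on evidence handling and chain of custody, not part of the course materials themselves: a minimal Python custody record. Evidence is hashed with SHA-256 at acquisition, every handover is re-hashed and logged, and each log entry includes the hash of the previous entry so that altering or removing an entry is detectable. Case identifiers, handler names, timestamps and the evidence bytes are invented for this example; the class and function names are the example's own.

```python
"""
Added example: evidence integrity and a minimal chain-of-custody record.
All case IDs, handlers, times and evidence content are constructed.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_entry_hash for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only custody record for one evidence item."""

    def __init__(self, case_id, evidence_id, evidence: bytes, handler, when):
        self.case_id = case_id
        self.evidence_id = evidence_id
        self.acquisition_hash = sha256_hex(evidence)
        self.entries = []
        self._append(when, handler, "acquired", evidence)

    def _append(self, when, handler, action, evidence):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "time": when.isoformat(),
            "handler": handler,
            "action": action,
            "evidence_hash": sha256_hex(evidence),
            "prev_entry_hash": prev,
        }
        # Hash the canonical JSON of the entry body so any later edit shows.
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)

    def transfer(self, when, handler, action, evidence):
        """Record a handover; the receiving party re-hashes the evidence."""
        self._append(when, handler, action, evidence)

    def verify(self, evidence: bytes):
        """Return (ok, problems): evidence bytes must match the acquisition
        hash, every entry must hash to its recorded entry_hash, and the
        entries must chain in order."""
        problems = []
        if sha256_hex(evidence) != self.acquisition_hash:
            problems.append("evidence bytes differ from acquisition hash")
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                problems.append(f"entry {i} has been altered")
            if e["prev_entry_hash"] != prev:
                problems.append(f"entry {i} does not chain to the previous entry")
            if e["evidence_hash"] != self.acquisition_hash:
                problems.append(f"entry {i} recorded a different evidence hash")
            prev = e["entry_hash"]
        return (not problems, problems)


def demo():
    """Clean log verifies; modified evidence and an edited entry both fail."""
    evidence = b"constructed disk image bytes for case 2024-017"
    t0 = datetime(2024, 3, 4, 10, 0, tzinfo=timezone.utc)
    log = CustodyLog("CASE-2024-017", "EV-01", evidence, "analyst.a", t0)
    log.transfer(t0.replace(hour=11), "forensics.b", "received for analysis", evidence)
    ok_clean, _ = log.verify(evidence)
    ok_tampered, _ = log.verify(evidence + b"x")     # evidence changed
    log.entries[0]["handler"] = "someone.else"        # log entry edited
    ok_edited, _ = log.verify(evidence)
    return ok_clean, ok_tampered, ok_edited


if __name__ == "__main__":
    print("clean, tampered evidence, edited log:", demo())
```

In practice the acquisition hash is written into the case file and on the evidence label at the moment of imaging, and the custody record is kept separately from the evidence itself; the verification step is what lets an analyst state in court that the item examined is the item seized.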
DAY 5: SOC Governance, Compliance & Continuous Improvement
- SOC Governance and Performance Metrics (KPIs, SLAs).
- Compliance with ISO 27001, NIST Frameworks and National Regulations.
- Risk Management and SOC Reporting to Leadership.
- Automation and SOAR Technologies.
- SOC Maturity Assessment and Improvement Roadmap.
CASE-STUDY: Equifax Data Breach (2017)
Equifax, a global credit reporting agency, suffered a massive data breach exposing the personal data of over 147 million individuals. Attackers exploited a known, unpatched Apache Struts vulnerability (CVE-2017-5638) in a public-facing web application and remained undetected for roughly 76 days; an expired certificate on a traffic-inspection device meant encrypted traffic was not being monitored during that period. The breach highlighted critical failures in vulnerability management, monitoring and incident response, making it a valuable SOC learning case.
GROUP DISCUSSION QUESTIONS:
- What was the primary SOC-related failure in the Equifax breach?
- Which SOC control could have detected the breach earlier?
- How could threat intelligence have helped prevent the incident?
- What incident response weakness worsened the impact?
- What key lesson is most relevant for judicial institutions?