Security operations encompasses the ongoing activities required to maintain the security posture of an organization — monitoring for threats, responding to incidents, managing vulnerabilities, conducting investigations, and keeping security technologies functioning. Where security architecture designs the protective structure, security operations keeps it running and responds when defenses are tested.
Mature security operations functions integrate threat intelligence into detection, conduct proactive threat hunting rather than waiting for alerts, and maintain the relationships with legal, communications, and executive leadership that are needed to execute a response when a major incident occurs.
CISSP Relevance
Security Operations is the focus of Domain 7, one of the most heavily weighted sections of the CISSP exam. Candidates must understand monitoring, incident response, investigations, disaster recovery, and administrative functions that support operational security.
External reference: CISA Security Operations Center Resources
Related terms: Security Operations Center, Incident Response