Lecture 2 Flashcards
Developing a Security Operations Center
What are the initial steps in developing a SOC?
Creating a new practice or enhancing an existing one, and defining high-level SOC development concepts.
What is the purpose of a mission statement for a SOC?
To provide a concise explanation of the SOC’s core purpose and values, aligning with the organization’s mission.
What should be included in a SOC scope statement?
Locations and networks, ownership, SOC objectives, technologies and services, and specifics on service availability.
Why is it important to develop SOC procedures?
To provide detailed, step-by-step instructions on how services are executed by the SOC.
What are common SOC procedures?
Monitoring, Alerting, Escalation, Investigation, Incident logging, Compliance, Reporting, and Remediation.
Why is redundancy planning important in a SOC?
To ensure continuous operation of critical services and systems in the event of failures.
What are the physical requirements for SOC capacity planning?
Location(s) for hosting SOC employees and technology, power requirements, space for equipment, and physical security considerations.
What are the technical requirements for SOC capacity planning?
Network throughput, types of technology, monitors, and other technical needs.
What factors should be considered in SOC resource planning?
Cost savings, leveraging other teams’ resources, budget discussions, and consolidation of existing hardware.
What are the goals of SOC goal alignment?
To reflect the number of required roles, expected skill sets, process enforcement, and technology to support SOC services.
What is the importance of SOC maturity goals?
To plan for future SOC development regarding people, process, and technology.
Why is growth planning important for a SOC?
To account for required hardware, number of employees, collaboration, and other factors needed to deliver SOC services at the desired maturity level.
How should SOC technology planning be approached?
By meeting with vendors and service partners to future-proof equipment and verify all hardware and connectivity requirements.
What is the purpose of SOC redundancy planning?
To develop strategies for backup systems based on the SOC’s risk appetite and ensure high importance services have active redundancy.
What should be considered when choosing the location for a SOC?
Proximity to network operations center, accessibility to essential resources, fire prevention strategy, and data sovereignty requirements.