Lecture 5 Flashcards
SOC Metrics and Maturity Models
What is the purpose of a SOC maturity model?
To understand the current quality of SOC services, develop a roadmap for improvement, and predict and request budgets for SOC services.
Describe the five levels of maturity in the CMMI Institute example.
Initial, Managed, Defined, Quantitatively Managed, and Optimizing.
What are the steps of the SOC Goal Assessment Process?
Meet with the SOC executive sponsor, develop SOC goals, create IT processes, identify missing people, processes, or technology, and validate results.
What is the significance of ranking business goals in a SOC?
To determine how to prioritize goals and ensure alignment with the organization’s overall mission and objectives.
How does the Cyber Kill Chain Model apply to threat assessment?
By breaking down the stages of an attack to understand and counteract each stage effectively.
What is the Diamond Model in cybersecurity?
A model that maps how an adversary targets a victim using capabilities and infrastructure to launch an attack.
How does the MITRE ATT&CK Model benefit SOCs?
By simulating adversary tactics and techniques based on real-world observations to enhance threat detection and response.
Why is it important to perform a capability map in a SOC?
To identify different parts of the network and how users and systems interact, aiding in understanding defense-in-depth architecture.
What is the purpose of a gap analysis in SOC capability assessment?
To evaluate the capability map for gaps and overlapping services, helping to prioritize areas for improvement.
Describe the first-generation SOC maturity model.
A SOC that primarily monitors device logs with limited coverage based on the data monitored.
How does a second-generation SOC improve upon the first generation?
By leveraging data correlation and consolidation to turn log data into security events.
What additional services are offered by a third-generation SOC?
Vulnerability management and compliance.
What are the characteristics of a fourth-generation SOC?
Leveraging the latest SOC technologies and services, expanding visibility to other networks using threat intelligence and reputation security.
What is the importance of having an executive sponsor for a SOC?
To help enforce SOC policies, validate business goals, and align SOC IT goals with organizational objectives.
What are the key milestones in SOC development?
Identifying executive sponsors, establishing the SOC program, developing a budget, recruiting talent, and acquiring technology.