Module 01: Security and Operations Management

Question 1

What is security management?

Answer 1

Set of security activities by the organizations to maintain their security posture at an adequate level.

Question 2

What are the four main activities in Security Management?

Answer 2

Security Infrastructure
Security Prevention
Compliance and Validation
Security Operations

Question 3

What is the main goal of security management?

Answer 3

Secure company assets from malicious activities and ensure CIA of assets and services.

Question 4

What are Security Infrastructure Activities?

Answer 4

Perimeter, network, application, host and data security. through adequate controls.

Question 5

What are compliance and validation activities?

Answer 5

Security baselines, policies, audit and compliance.

Question 6

What are security prevention activities?

Answer 6

Vulnerability management and pentesting.

Question 7

What are the activities of security operations?

Answer 7

Security monitoring, incident management, vulnerability management, device management, network-flow monitoring.

Question 8

What is a SOC?

Answer 8

centralized unit that monitors and analyzes ongoing activities on organization’s information systems (networks, servers, endpoints, databases, etc.)

Question 9

what is the goal of the SOC?

Answer 9

Maintain continuity of an organization by determining, preventing, detecting, and responding to intrusion events before they affect the business.

Question 10

What are the main SOC capabilities?

Answer 10

Preventing, detecting, responding and reporting security incidents.

Question 11

What are typical SOC functions?

Answer 11

Log collection
Log retention and Archival
Log analysis
Monitoring of Security Environments for Security Events
Event Correlation
Incident Management
Threat Identification
Threat Reaction and Response
Reporting
Malware Analysis
Vulnerability Management
Security Device Management

Question 12

What is the high-level SOC workflow?

Answer 12

Collect > ingest > validate > report > respond > document

Question 13

What are the three components of a SOC?

Answer 13

People, processes, technology.

Question 14

What are people roles within a SOC?

Answer 14

L1 SOC Analyst
L2 SOC Analyst
Incident Responder
Subject Matter Expert/Threat Hunters
SOC Manager
Chief Information Security Officer

Question 15

What soft skills are required?

Answer 15

Team Spirit
Communication
Trustworthiness
Self-confidence
Assertiveness
Empathy
Inquisitiveness and Creativity

Question 16

What are SOC technologies?

Answer 16

SIEM
Monitoring tools
dashboard
ticketing system
automated assessment tool

Question 17

How should SOC technologies be selected?

Answer 17

By choosing those that work for people and processes.

Question 18

What are the four main SOC processes?

Answer 18

Business, Technology, Operational, and Analytical.

Question 19

What are the three SOC models?

Answer 19

In-house/Internal
Outsourced
Hybrid

Question 20

What are SOC maturity models?

Answer 20

IT governance tools that explain the organization’s working process as per standardization, results, and measurement of effectiveness.

Question 21

What are the SOC maturity levels?

Answer 21

Level 1: Create correlation rules
Level 2: Automation of Responses
Level 3: Service Management Integration

Question 22

What are the types of SOC maturity models?

Answer 22

1: SOC-Capability Maturity Model
2: COBIT
3: NIST
4: SSE-CMM

Question 23

What are the steps to implementing a SOC?

Answer 23

Planning
Designing and building the SOC
Operating the SOC
Reviewing and Reporting the SOC

Question 24

What are SOC KPIs?

Answer 24

Completion time
First-time fix rate
Call service level compliance
Response time
Client satisfaction
operations audit
over time
transfer rate
system availability and accessibility

Question 25

What are some implementation challenges?

Answer 25

Increasing the volume of security alerts
Management of numerous security tools
Lack of skilled analysts
Legal and regulatory compliance
Technology selection and configuration
Processes and procedures formalization, orchestration and automation
Data integrity and intelligence management
Handling multi-staged advanced attacks
Rapid change in technology and security
Continuous training