Module 01: Security and Operations Management Flashcards
What is security management?
The set of security activities an organization performs to maintain its security posture at an adequate level.
What are the four main activities in Security Management?
Security Infrastructure
Security Prevention
Compliance and Validation
Security Operations
What is the main goal of security management?
Secure company assets from malicious activity and ensure the confidentiality, integrity, and availability (CIA) of assets and services.
What are Security Infrastructure Activities?
Perimeter, network, application, host, and data security through adequate controls.
What are compliance and validation activities?
Security baselines, policies, audit and compliance.
What are security prevention activities?
Vulnerability management and pentesting.
What are the activities of security operations?
Security monitoring, incident management, vulnerability management, device management, network-flow monitoring.
What is a SOC?
A centralized unit that monitors and analyzes ongoing activity on an organization's information systems (networks, servers, endpoints, databases, etc.).
What is the goal of the SOC?
Maintain continuity of an organization by determining, preventing, detecting, and responding to intrusion events before they affect the business.
What are the main SOC capabilities?
Preventing, detecting, responding and reporting security incidents.
What are typical SOC functions?
Log collection
Log retention and archival
Log analysis
Monitoring of security environments for security events
Event correlation
Incident management
Threat identification
Threat reaction and response
Reporting
Malware analysis
Vulnerability management
Security device management
What is the high-level SOC workflow?
Collect > ingest > validate > report > respond > document
What are the three components of a SOC?
People, processes, technology.
What are people roles within a SOC?
L1 SOC Analyst
L2 SOC Analyst
Incident Responder
Subject Matter Expert/Threat Hunter
SOC Manager
Chief Information Security Officer
What soft skills are required?
Team spirit
Communication
Trustworthiness
Self-confidence
Assertiveness
Empathy
Inquisitiveness and creativity
What are SOC technologies?
SIEM
Monitoring tools
Dashboard
Ticketing system
Automated assessment tool
How should SOC technologies be selected?
By choosing those that work for people and processes.
What are the four main SOC processes?
Business, Technology, Operational, and Analytical.
What are the three SOC models?
In-house/Internal
Outsourced
Hybrid
What are SOC maturity models?
IT governance tools that describe an organization's working process in terms of standardization, results, and measurement of effectiveness.
What are the SOC maturity levels?
Level 1: Create correlation rules
Level 2: Automation of Responses
Level 3: Service Management Integration
What are the types of SOC maturity models?
1: SOC-Capability Maturity Model
2: COBIT
3: NIST
4: SSE-CMM
What are the steps to implementing a SOC?
Planning
Designing and building the SOC
Operating the SOC
Reviewing and reporting on the SOC
What are SOC KPIs?
Completion time
First-time fix rate
Call service level compliance
Response time
Client satisfaction
Operations audit over time
Transfer rate
System availability and accessibility