SOC-CMM forum

Thread: SOC MM (/showthread.php?tid=1016)

SOC MM - Trustconsulting - 01-20-2020

Hi Rob & Community, 


I want to perform a SOC assessment using SOC MM.

Can you provide more details about business drivers? Because, as I know it, the SOC is a combination of people, process and technology.

Thanks

Hemza | SOC Analyst


RE: SOC MM - robvanos - 01-22-2020

Hi Hemza,

The idea behind the SOC-CMM is the differentiation in 5 domains: people, process, technology as the standard 'triad', augmented with business and services. Service is about the services delivered by the SOC. Business is about alignment with the business. Understanding business drivers is an important part. The business drivers dictate why the SOC exists. There must have been some driver or incident that made the board decide to invest in the deployment of a security operations center. For an MSSP, it can also be a business decision or by demand from the MSSP customers.

I hope this helps. If you have any additional questions, please let me know.

Regards,
Rob.


RE: SOC MM - Trustconsulting - 01-28-2020

(01-22-2020, 04:13 PM)robvanos Wrote: Hi Hemza,

The idea behind the SOC-CMM is the differentiation in 5 domains: people, process, technology as the standard 'triad', augmented with business and services. Service is about the services delivered by the SOC. Business is about alignment with the business. Understanding business drivers is an important part. The business drivers dictate why the SOC exists. There must have been some driver or incident that made the board decide to invest in the deployment of a security operations center. For an MSSP, it can also be a business decision or by demand from the MSSP customers.

I hope this helps. If you have any additional questions, please let me know.

Regards,
Rob.

Thanks for your reply.



RE: SOC MM - fati - 02-28-2020

Hello, I am working on a SOC set-up project. The SOC will be managed by an external service provider, but I should identify use-cases for a financial institution. I have consulted the MaGMa Framework. I found that the framework concentrates on infrastructure use-cases. I have already worked as a security analyst for some SOCs. Have you already worked on use-cases dedicated to financial institutions? On cloud environments? Thank you for your help and advice.


RE: SOC MM - NEA - 05-22-2020

(02-28-2020, 02:10 PM)fati Wrote: Hello, I am working on a SOC set-up project. The SOC will be managed by an external service provider, but I should identify use-cases for a financial institution. I have consulted the MaGMa Framework. I found that the framework concentrates on infrastructure use-cases. I have already worked as a security analyst for some SOCs. Have you already worked on use-cases dedicated to financial institutions? On cloud environments? Thank you for your help and advice.

Hi Fati,

Have you got some feedback on this request? There are several aspects in your inquiry that need clarification. FSI use cases - or use cases in general - is a challenging topic. I've worked for IBM, HP and some Deep Packet Inspection / forensics organisations ... and I'm a certified SOC architect / SOC operations ... and of course also on the QRadar platform. I'm familiar with Splunk, LogRhythm, ELK and a few others. I've guided MSSPs to set up their business model and I've worked at MSSPs setting up their SOC services. In my world there are some basic use cases (and that term also needs to be defined) ... that I would always implement - no matter what industry sector you belong to (energy/utility, manufacturing, transportation (mainly shipping in my part of the woods), telecom, healthcare etc.). From the limited time I had to look at the MaGMa framework - I think you will come - if not all the way, certainly a long way down the road. It's your compliance/legal and regulatory demands as well as your risk appetite and vulnerabilities that will/should determine the use-case priority. If you don't have that info, then you need to get your hands dirty - perform the needed scans, risk / gap analysis (you could use CIS 20-CSC, NIST CSF or other frameworks), verify with regular pen-tests etc.

Not sure if this provides any clarity - otherwise, respond to this feedback and I'll try to provide more meat on the bone :-)

Rgds, /NEA