SOC-CMM v2 - input requested
I’ve recently written an article called A modern monitoring and response model. I would like to take some of the insights from that article and embed them into the SOC-CMM. More concretely, I’m considering the following changes to the SOC-CMM:
  • Integrating enhancements from the SOC-CMM for CERT.
  • Extending the use case management aspect to include visibility and emphasize validation of security monitoring rules.
  • Adding EDR to the technology domain.
  • Rewriting ‘analytics’ to ‘network traffic analytics’ and consolidating the IDPS technology. Together with the previous bullet, this means the technology domain is built up from the SOC visibility triad coined by Anton Chuvakin, augmented with SOAR as a major driver for SOC efficiency.
  • Adding purple teaming / red teaming to the services domain.
  • Simplifying security incident response, as the SOC-CMM for CERT provides a more detailed assessment.
I’ve become somewhat hesitant to extend the SOC-CMM much further, as it will make assessments even bigger and more time-consuming. Basically, it is big enough as it is. This is why I’m also considering removing the ‘log management’ service from the services domain and including some of the log management aspects in the security monitoring service.

Please leave your suggestions, comments and thoughts as a reply to this post. I am planning to start the work in August, so you have until then to post your ideas.
Messages In This Thread
SOC-CMM v2 - input requested - by robvanos - 06-24-2020, 02:56 PM
RE: SOC-CMM v2 - input requested - by dasDuffy - 06-24-2020, 07:11 PM
RE: SOC-CMM v2 - input requested - by mfagala - 06-24-2020, 08:15 PM
RE: SOC-CMM v2 - input requested - by Sander - 06-26-2020, 08:49 AM
RE: SOC-CMM v2 - input requested - by Ashrafkar - 06-26-2020, 08:37 PM
