This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
SOC-CMM forum SOC-CMM SOC-CMM development
Which extensions should be done to the process domain?

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Which extensions should be done to the process domain?
robvanos Offline
Super Moderator
******
Posts: 44
Threads: 14
Joined: Feb 2019
Reputation: 4
#1
02-20-2019, 02:09 PM
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM process domain. Which additions should be considered?
Keep calm and share knowledge
Website Find
Reply
darren.bnm Offline
validated user
Posts: 7
Threads: 5
Joined: Apr 2019
Reputation: 3
#2
04-23-2019, 07:35 AM (This post was last modified: 04-23-2019, 07:38 AM by darren.bnm.)
Hi Rob,
There are 2 additional components which I think should be included under Process Domain - 1. SOC Management 1.3
Probably as 1.3.11 and 1.3.12.

1.3.11 Data on-boarding procedure: Procedure for intake, evaluation and move-to-production for requests for new security devices.
For example, an organization has newly deployed a Web Application FW, so we need a procedure to define how to parse the logs, normalize, use cases, correlation, etc.

1.3.12 Data off-loading procedure: procedure to remove existing security devices due to decommissioning.

What do u think?

Thanks
Find
Reply
robvanos Offline
Super Moderator
******
Posts: 44
Threads: 14
Joined: Feb 2019
Reputation: 4
#3
05-07-2019, 10:06 AM
Hi Darren,

Thanks for the suggestion. I think that data onboarding is something that should be part of SOC services, rather than SOC management. SOC management is commited to onbaording or offloading services, service management is commited to onboarding or offloading new data sources. So I would put this under each and every one of the services. Most likely under x.2.y, as seperate element of the required service documentation. It could be considered part of 'have you create a set of procedures', but I think it's worthwhile making it more concrete.

Regards,
Rob.
Website Find
Reply
SimonJackson Offline
validated user
Posts: 1
Threads: 0
Joined: Jan 2020
Reputation: 0
#4
01-29-2020, 04:48 PM
Some thoughts on SOC Management Processes:
Organisational Document maintenance - the regular review of accuracy of network, business and threat model type docs
SOC induction processes

I couldn't see these in the section...
Find
Reply
robvanos Offline
Super Moderator
******
Posts: 44
Threads: 14
Joined: Feb 2019
Reputation: 4
#5
02-12-2020, 01:21 PM
Hi Simon,

Thank you for your feedback.

Document maintenance is indeed not mentioned. Under Process --> operations & facilities, section 2.5 goes into document management but does not mention regular updates of the information in those systems. The SOC-CMM for CERT more explicitly mentions such information, so I'll take this with me in a nex iteration.

The SOC induction is mentioned in the people domain, under 3.6. This is what is meant with the 'new hire' process.

Regards,
Rob.
Website Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)