This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Which extensions should be done to the process domain?
#1
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM process domain. Which additions should be considered?
Keep calm and share knowledge
Reply
#2
Hi Rob,
There are 2 additional components which I think should be included under Process Domain - 1. SOC Management 1.3
Probably as 1.3.11 and 1.3.12.

1.3.11 Data on-boarding procedure: Procedure for intake, evaluation and move-to-production for requests for new security devices.
For example, an organization has newly deployed a Web Application FW, so we need a procedure to define how to parse the logs, normalize, use cases, correlation, etc.

1.3.12 Data off-loading procedure: procedure to remove existing security devices due to decommissioning.

What do u think?

Thanks
Reply
#3
Hi Darren,

Thanks for the suggestion. I think that data onboarding is something that should be part of SOC services, rather than SOC management. SOC management is commited to onbaording or offloading services, service management is commited to onboarding or offloading new data sources. So I would put this under each and every one of the services. Most likely under x.2.y, as seperate element of the required service documentation. It could be considered part of 'have you create a set of procedures', but I think it's worthwhile making it more concrete.

Regards,
Rob.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)