SOC-CMM forum

Full Version: Which extensions should be done to the process domain?
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM process domain. Which additions should be considered?
Hi Rob,
There are 2 additional components which I think should be included under Process Domain - 1. SOC Management 1.3
Probably as 1.3.11 and 1.3.12.

1.3.11 Data on-boarding procedure: Procedure for intake, evaluation and move-to-production for requests for new security devices.
For example, an organization has newly deployed a Web Application FW, so we need a procedure to define how to parse the logs, normalize, use cases, correlation, etc.

1.3.12 Data off-loading procedure: procedure to remove existing security devices due to decommissioning.

What do you think?

Hi Darren,

Thanks for the suggestion. I think that data onboarding is something that should be part of SOC services, rather than SOC management. SOC management is committed to onboarding or offloading services; service management is committed to onboarding or offloading new data sources. So I would put this under each and every one of the services. Most likely under x.2.y, as a separate element of the required service documentation. It could be considered part of 'have you created a set of procedures', but I think it's worthwhile making it more concrete.