This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Which extensions should be done to the process domain?
#1
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM process domain. Which additions should be considered?
Keep calm and share knowledge
Reply
#2
Hi Rob,
There are 2 additional components which I think should be included under Process Domain - 1. SOC Management 1.3
Probably as 1.3.11 and 1.3.12.

1.3.11 Data on-boarding procedure: Procedure for intake, evaluation and move-to-production for requests for new security devices.
For example, an organization has newly deployed a Web Application FW, so we need a procedure to define how to parse the logs, normalize, use cases, correlation, etc.

1.3.12 Data off-loading procedure: procedure to remove existing security devices due to decommissioning.

What do u think?

Thanks
Reply
#3
Hi Darren,

Thanks for the suggestion. I think that data onboarding is something that should be part of SOC services, rather than SOC management. SOC management is commited to onbaording or offloading services, service management is commited to onboarding or offloading new data sources. So I would put this under each and every one of the services. Most likely under x.2.y, as seperate element of the required service documentation. It could be considered part of 'have you create a set of procedures', but I think it's worthwhile making it more concrete.

Regards,
Rob.
Reply
#4
Some thoughts on SOC Management Processes:
Organisational Document maintenance - the regular review of accuracy of network, business and threat model type docs
SOC induction processes

I couldn't see these in the section...
Reply
#5
Hi Simon,

Thank you for your feedback.

Document maintenance is indeed not mentioned. Under Process --> operations & facilities, section 2.5 goes into document management but does not mention regular updates of the information in those systems. The SOC-CMM for CERT more explicitly mentions such information, so I'll take this with me in a nex iteration.

The SOC induction is mentioned in the people domain, under 3.6. This is what is meant with the 'new hire' process.

Regards,
Rob.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)