A Reference Model of operational needs to guide the evolution of your Security Operations efforts.
This is a familiar topic area with Cyber Security practitioners of all experience levels – What are the core capabilities we need to start investing in as we mature and evolve Cyber Security Operations for our organization? Of course, the answer is always – It depends.
Cyber Security is a very broad set of challenges, and the term “Cyber Security Operations” can mean different things to different people. You first need to create some clarity regarding the overall vision your organization has for Cyber Security Operations; including what specific Services and SLAs are expected. From these Services, you can derive the set of core capabilities you’ll need and when, including some prioritization for which should be acquired first.
Other critical business areas such as MRP, SCM, ERP, CRM, etc. have matured over decades to converge on “taxonomies” or “reference models” that capture the superset of capabilities required to perform their specific disciplines. Convergence on such a capability reference model for Cyber Security Operations has yet to materialize. So herein we have compiled a summary of the top 20 capabilities often found in more mature Cyber Security Operations Centers or (C)SOCs, and grouped them by the 7 challenges every cyber security operations effort ultimately needs to address:
The outline below provides the next level of detail to the taxonomy.
The list of capability areas is a broad superset, and is intended to be descriptive rather than prescriptive. It’s offered strictly as a reference model to inform Security Operations roadmaps, or simply to help teams manage expectations with their stakeholder and leadership communities. The following is an outline of the taxonomy:
Knowledge of one’s own cyber infrastructure
Knowledge of the Threats emerging in cyberspace
Management of Access Controls
Monitoring and Detection
Informed Incident Response
Visibility through advanced reporting
Any one of these topic areas on its own, is broad enough to require a more detailed inventory of specific capabilities and requirements. Which may explain why so many mature SOCs employ an average of more than 50 individual tools and technologies.
Whether you are just getting started, or are evolving your existing Cyber Security Operations...
Our team can help you develop a practical way forward for securing your Organization.
Copyright © 2023 Phenomenati - All Rights Reserved.