The scope of responsibility for Security Operations continues to grow (IT, OT, ICS/SCADA, mobile, cloud, and even IoT), as do the expectations of availability and security. But you can't secure/defend what you don’t know about. This is where we begin our taxonomy of the “Top 20” SOC Capability Areas.
You can't secure/defend what you don’t know about. So, any security operations effort should build upon a solid foundation of Asset & Configuration Management (ACM) processes and capabilities; enabled by a Configuration Management System (CMS) capability.
This does not imply that Security Operations is responsible for building and managing ACM processes and CMS capabilities. Such “IT governance” is already the responsibility of Network Operations and should be performed routinely by organizations following some disciplined IT management framework (e.g., COBIT, ITILv3, etc.). However, Security Operations are critically dependent upon this living knowledgebase of the organization’s assets and services, if they are to be at all effective.
If your organization does not already have such ACM/CMS capabilities in place today... Start Here.
On selecting ACM/CMS capabilities, today's Network & Security Operations teams must consider coverage for the ever expanding range of assets that are deemed to be “in-scope” for their responsibilities:
Applications, Services, Software, Operating Systems
And ultimately Information
This scope continues to grow, as do the expectations of availability and security.
Most Security Operations teams will already have some level of ACM/CMS capabilities in place. We start with it here because most other SOC capabilities build directly upon this knowledgebase. Disciplined ACM processes and CMS capabilities provide the critical foundation for effectively securing one’s environment.
This article barely scratches the surface of the need for Asset & Configuration Management capabilities in contemporary Security Operations. But taken together with the other capability areas in this “Top 20” list, we hope to shine a light on the breadth, depth, and complexity of what is involved in building effective Security Operations today.
Contact us if you'd like help identifying and selecting Asset & Configuration Management capabilities to support your own Security Operations efforts.
Copyright © 2020 Phenomenati - All Rights Reserved.