How do we ensure the right processes and governance to fully implement and operationalise a SOC?
A SOC is more than just installation of a log management solution. It requires significant process and governance enhancement to fully operationalise the SOC. Some of the process and governance challenges associated with the implementation of a SOC may include:
- Defining threat scenarios, and the logs required to monitor for them, against the organisation’s threat landscape;
- Defining key performance metrics (as well as key risk indicators) that align with the organisation’s risk appetite;
- Defining and updating a playbook with clearly defined roles and responsibilities to avoid confusion in the event of an incident;
- Understanding the capacity of the SIEM solution and its supporting architecture, and minimising ‘noise’ (false positives); and
- Recruiting skills and offering relevant training to subject matter experts to improve the overall quality of the SOC capabilities.
Our approach provides our clients with a strategic roadmap combined with a total cost of ownership (TCO) analysis and prioritised recommendations for future transformation to full ownership of the SOC.
Our approach consists of five phases: