OPERATIONAL LAYER
Tool set and platforms - Licenses and scope of each of them - Scope of data collection and storage - SIEM Lab - Use case factory - Data Management and logs - Generic correlation rules - Specific correlation rules - Playbooks - Knowledge base - Security incident category (Mitre Att&ck) - Technical memory of technologies deployed - Asset's criticality - List of supported technologies - Scalation grids - Helpdesk - Integration with client's helpdesk (scope) - Monthly reports - Shifts - Alert framework.
TACTICAL LAYER
Ticket registration process - States of a ticket - Definitions of SOC services - Threat monitoring - Vulnerability assessment - Threat intelligence - Threat hunting - Previous requirements - Scalation grid - List of assets, criticality, name, private IP, public IP - Triage procedure - Onboarding procedure - Threat monitoring procedure - Vulnerability assessment procedure - Service manual - SOC dictionary and terminology - Incident response procedure - SOC and other services - Penetration testing - Incident response - Analysis - Annual report - Business enablement - Identifying new business opportunities through security efficiency.
STARTEGIC LAYER
SOC goals and objectives - Out of scope: what SOC is not - Security posture - KPIs - SLAs - Measuring business alignment - SOC as a business risk Dashboard to the Board - Risk Management - Risk heat map - Job descriptions - External SOC roles of support (BDM, Security Manager, Sales, Product Manager, Presales, Pen-testers, Incident handlers - Maturity road map of SOC

Price
$ 2,000 pp
Discount available
for group sessions
and/or public reference

Instructor led
online class
Delivery format
30 hours