Operate: SOC/CIRT Effectiveness
Achieving Adaptive Teams
Businesses evolve, and attackers continually invent new threats. A high-performing security team must continually adapt. Data Border's SOC/CIRT Effectiveness service ensures defences are ready for new threats, validates business alignment, and assesses operational effectiveness and financial efficiency.
Methodology
SOC/CIRT Effectiveness starts with confirming how business and technical goals are measured, and updating the team on new threats. We then gauge how early and cost-effectively the SOC detects and contains threats using the industry-standard cyber kill chain framework invented by Lockheed Martin. Once operational effectiveness is established, we shift to measuring financial effectiveness.
These two areas then guide the development of a technology alignment plan and the immediate implementation of quick wins. We focus on email controls because a high proportion of attacks begin via email. We also assess how well the parts of the security function are integrated, e.g. offshore MSSP staff with onshore SOC personnel.
We have a library of security policies, best practices and run-books that we can embed in your team to kick-start an effective security operations function. If you have existing policies, we can review and update them.
Finally, we validate findings with a simulated attack and then prepare a practical roadmap to continually improve the team's function.
- Metrics and risk alignment
- Threat intelligence
- Finance funnel analysis
- Technology alignment and effectiveness
- Email controls efficiency
- Process and communication integration
- Simulated attack
- Kaizen roadmap

Please contact us for a free initial discussion covering the capabilities your team already has and how you'd like to improve them.