This is a familiar topic area with Cyber Security practitioners of all experience levels – What are the core capabilities we need to start investing in as we mature and evolve Cyber Security Operations for our organization? Of course, the answer is always – It depends.
Cyber Security is a very broad set of challenges, and the term “Cyber Security Operations” can mean different things to different people. You first need to create some clarity regarding the overall vision your organization has for Cyber Security Operations, including what specific Services and SLAs are expected. From these Services, you can derive the set of core capabilities you’ll need and when, including some prioritization for which should be acquired first.
Other critical business areas such as MRP, SCM, ERP, CRM, etc. have matured over decades to converge on “taxonomies” or “reference models” that capture the superset of capabilities required to perform their specific disciplines. Convergence on such a capability reference model for Cyber Security Operations has yet to materialize. So herein we have compiled a summary of the top 20 capabilities often found in more mature Cyber Security Operations Centers or (C)SOCs, and grouped them by the 7 challenges every cyber security operations effort ultimately needs to address:
- Knowledge of one’s own cyber infrastructure
- Knowledge of the threats emerging in cyberspace
- Management of Access Controls
- Monitoring and Detection
- Informed Incident Response
- Investigation
- Visibility through advanced reporting
The outline below provides the next level of detail to the taxonomy.