SANS - Designing and Building a SOC Management Fundamentals.pdf

Core management principles for designing and running a SOC.

This page contains AI generated content. Errors or omissions may be present. Use human-level critical thinking.
  • Q: What is the function of the 'Steering Committee' in SOC governance?
    A: To provide strategic direction, resource allocation, and conflict resolution between the SOC and other IT/business units.
  • Q: How does the document define 'Situational Awareness' for a SOC Manager?
    A: The ability to know the current status of threats, the operational state of defenses, and the progress of active incidents at any given moment.
  • Q: What is the 'Staffing Calculation' formula for 24/7 coverage?
    A: It typically requires between 8 and 12 full-time equivalents (FTEs) to staff a single 24/7 seat, accounting for shifts, holidays, training, and sick leave.
  • Q: What is the 'Analyst Career Path' challenge?
    A: The difficulty in retaining talent because there is often no clear progression from Tier 1 analyst to senior roles within the SOC.
  • Q: What is the recommended frequency for 'metrics reporting' to different stakeholders?
    A: Daily/Weekly for technical operations, Monthly for management, and Quarterly for executive leadership.
  • Q: What is the 'Scope Creep' risk in SOC management?
    A: The tendency for the SOC to become the 'dumping ground' for general IT tasks (e.g., patching, user administration) that distract from the security mission.
  • Q: How should 'Shift Turnover' be conducted?
    A: Through a formal meeting and written log where outgoing analysts brief incoming analysts on active incidents and system status.
  • Q: What is the 'Authority' requirement for a SOC?
    A: The SOC must have the pre-authorized mandate to take containment actions (e.g., isolate a host) without seeking permission during a crisis.
  • Q: What is the role of 'Self-Assessment' in SOC management?
    A: Regularly testing SOC capabilities via red teaming or table-top exercises to identify gaps.
  • Q: What distinguishes 'Leadership' from 'Management' in a SOC?
    A: Management focuses on processes and metrics; Leadership focuses on vision, culture, and team morale.
