Lecture 12 - Soc 07012024 082159pm
SOC charter
1. Executive Summary
• 1.1. Background
• 1.2. Purpose
• 1.3. Scope
3. Scope
• 3.1. Coverage
• 3.2. Limitations
12. Appendices
• 12.1. Definitions
• 12.2. Acronyms
Best of Breed vs. Defense in Depth
• Some organizations will even talk about being ISO certified, even though ISO itself does not certify organizations; the certification part is carried out by third parties.
• ISO 31000:2018, Risk management – Guidelines, helps organizations deal with risk. The 2018 version replaces the 2009 standard.
• The risk management framework attempts to identify business goals and establish a formal framework that is sponsored by leadership.
• Learn more about ISO standards at https://www.iso.org/standards.html
FIRST Service Frameworks
• The security industry uses threat models to represent attack and defense concepts. The purpose of these models is to help organizations understand the type of capabilities they need as they develop a defense-in-depth architecture.
• As organizations pile on all the possibilities for the types of tools potentially needed, they become overwhelmed and need industry threat models to help them understand which tools and technology apply to their business needs.
The Cyber Kill Chain Model
• One of the most popular threat models used in the industry is the Cyber Kill Chain, created by Lockheed Martin.
• The Cyber Kill Chain model is specific to a threat actor attempting to compromise a network by gaining direct control of the compromised system; not all attacks have to follow this particular attack flow.
The Diamond Model
• The Cyber Kill Chain model evaluates one specific type of attack behavior; however, there are many other ways an adversary could attack your organization.
• The adversary uses various capabilities along some form of infrastructure to launch an attack against the victim. Capabilities used by the attacker are various forms of tools, techniques, and procedures (TTPs), while the infrastructure is what connects the adversary and victim.
Extended Diamond Model
Extended Diamond Model: example
Diamond Model Attack Graph
MITRE ATT&CK Model
[Figure: flowchart with nodes "New Offense", "Enrichment" and "Solution", with Yes/No decision branches]
• Risk management
• Vulnerability management
• Incident management
• Analysis
• Compliance
• Situational and security awareness
• Research and development
• Threat Hunting
• Threat Intelligence
Effective SOC
SOC Maturity Models