When responding to an incident, it

Rakhiraqsdiwseo
Posts: 643
Joined: Sun Jan 19, 2025 7:57 am

Post by Rakhiraqsdiwseo »

Senior Consultant of the Consulting Department of DialogueNauka Ksenia Zasetskaya reminds that it makes sense for a company to build its own SOC only if the maturity level of its corporate information security is high enough to achieve certainty in the goals and operating mode of the SOC, to ensure documentation of its functioning, interaction of participants in the SOC processes, management of these processes, assessment of efficiency and, finally, analysis of the results and its development. It is often more correct for a company to rely on the competencies of a SOC service provider.

It that information security events are not always incidents. DialogueScience specialists recommend defining criteria for distinguishing incidents from events and prioritizing them based on information security risk assessments linked to the company's actual business processes and aimed at minimizing the consequences of risk realization for core activities.

When responding to an incident, it is necessary to strive to minimize the time between its detection and the start of the response to it. The detection and start of the response are followed by the stages of incident investigation, formation (if necessary) of a legally significant evidence base, analysis of the investigation results and elimination of the causes of the incident.

Evaluation of the effectiveness of the information security incident management process (in other words, evaluation of the effectiveness of the SOC) as a whole should be aimed at improving the incident management process, the effectiveness of the implemented information security measures, the approach and results of risk assessment, and optimization of the area of monitoring, control and information security policies.

Each business area forms its own evaluation indicators. As criteria for forming metrics, experts recommend using ISO/IEC 270XX, NIST, Bank of Russia standards, SANS Institute recommendations, computer incident response centers (CERT), SIEM developers' recommendations and documentation, etc.

According to statistics collected by HPE specialists, only 25% of organizations were able to organize the effective operation of their SOC. According to Gartner estimates, the reasons for such a low success rate lie in the organizational aspects of implementation and operation.