SOC RACI matrix (R = Responsible, A = Accountable, C = Consulted, I = Informed). Role letters are listed in column order; empty cells are not shown.

Organization roles (columns): SOC analyst, SOC detection lead, Incident manager
MSSP roles (columns): Offensive security expert, SOC Management, SOC analyst, Incident handler, Threat intel analyst, SOC detection engineer, SecDevOps / automation, SOC Tools Admin, SDM / project management

  Activity                                                            Organization  MSSP

Detection service
  Alerts triage (SIEM)                                                I             A R I
  Incident creation (SIRP) for follow-up                              I I           A R I I
  Incident validation by organization's SOC team                      R I I         A I I I
  Confirmation of need to escalate the incident to CSIRT team         R I A         A I I A

Detection engineering service
  Detection use case opportunities identification                     C A C         R A/C C C C R A
  Risk-based attack scenarios confirmation, with red teaming          I A I         R A/C C I R A
  SIEM rules creation (SIEM search creation and optimization)         I A I         I A I R I
  Testing & tuning                                                    C A           A C R I A
  SIEM rules maintenance & fix                                        I C           A I R I I
  Data model management                                               I A I         A I I I R I I
  Data acquisition and ingestion to the SIEM                          I A I         I A I I I R I I A

Automation engineering
  Custom playbook development                                         C C C         C A I I I C R I A
  Tools integration with orchestrator (ITSM, security solutions...)   C C C         C A I I I C R C A

Security intelligence services
  Threat intelligence collection                                      C A I         I A I I R I I I A
  Threat intelligence sources validation                              C A C         I A I I R I I C A
  Threat intelligence use cases definition                            C A C         I A I I R C I A

Administrative services
  SOC tools (SIEM, TIP, SIRP, SOA, GIT) administration                I I I         I A I I I I I R A
  Log source heartbeat monitoring                                     I I I         I A I I I I I R I
  Log source management                                               I C I         I A I I I C C R A
  SOC tools monitoring                                                I I I         I A I I I I I R A

Reporting services
  Building and updating KPI                                           C C C         C A/R I I I I I R
  Generating reporting                                                I I A         I A I I I I A/R
  Acting upon missed SLA                                              C C C         I A/R I I I I I R

Incident response service
  Incident handling (CSIRT)                                           I I A         I A I R I I A
  Forensics investigation (CSIRT)                                     I I A         I A I R I I A
  Improve detection with incident response feedback                   I R A         C A I C C R C I A

Continuous improvement
  Detection capabilities assessment (purple teaming)                  R A I         R A/C R I I R R A
  Incident response capabilities assessment (purple teaming)          I I A         R A/C I R R R A
  Scheduling regular external audits                                  I I I         I A/R I I I I I I A/R