Points:
*1. Project Overview*
1.1 Purpose (same client, and what?) #(client: MRPL)
Describe the purpose of the SOC monitoring project (e.g., to protect organizational
assets by detecting, analyzing, and responding to cyber threats in real-time).
1.2 Scope
Outline the systems, networks, and applications monitored by the SOC. (here do we
need to mention our projects or what? and the assets we are protecting?)
Define the boundaries of the SOC's responsibilities (e.g., internal networks, cloud
environments, endpoints).
# What the internal networks, endpoints etc. are, and what we are doing, like
how we are closing the alerts and responding to them, the process and doc we have
and how we clear them; we can mention that, or else simple things..
*2. SOC Team Structure*
2.1 Roles and Responsibilities
SOC Analyst (Tier 1): Monitor alerts, perform initial triage, escalate incidents.
SOC Analyst (Tier 2): Conduct in-depth analysis, investigate incidents, coordinate
with other teams.
SOC Manager: Oversee operations, manage escalations, report to leadership.
Other Roles: Incident responders, threat hunters, compliance officers, etc.
(here what do we need to do, categorize our team?)
4
*Team Contact Information*
Provide a table or list with names, roles, contact details, and escalation paths
(the order of people to contact when an incident has to be escalated). (what is
a path?) (optional)
3.2 Incident Triage and Analysis (here we can also add an Excel sheet if
needed..)
Step-by-step process for triaging alerts.
Criteria for escalating incidents to Tier 2 or management.
5.
# service desk for tickets, and for reporting we use Excel sheets, like storing
all that we report
3.4 Reporting and Documentation
Explain how incidents are documented (e.g., ticketing systems like Jira or
ServiceNow). (is there any other, or mention what we have?)
Reporting requirements (e.g., daily/weekly reports, compliance reports). optional
(we can give the sample report format or a link)
6. 4.2 Access and Training
Instructions for accessing tools (e.g., URLs, credentials process). (mention the
websites and details) (optional: for that we can create automatic scripts)
Available training resources (e.g., vendor documentation, internal wikis). (here
also need content?) (IPs and docx)
5. Key Procedures
5.1 Daily Operations
Typical shift activities (e.g., monitoring dashboards, reviewing logs). (and here we
can add more, or?) We can provide this later and update it later.
Shift handover process and checklist. (and what do we need to tell the person
handling the upcoming shift? and a checklist demo?) (we can create a web interface
for this, mentioning all details and timings) # through WhatsApp or email; sample
(sent on WhatsApp):
  Update: on 30th Evening shift
  * Shift handover to Abhishek
  * Daily report has been updated
  * Weekly report has been updated
  * The total alert triggered: 81
  * Total false positives validated: 73
  * Total true positives escalated: 8
6. 5.2 Escalation Procedures
Criteria and process for escalating incidents. (how can we do that, via the service
desk or what?) optional: (we can provide a video also) optional: we create a doc
Contact points for external teams (e.g., IT, legal, third-party vendors). (what does
it mean?)
# Microsoft Teams and all applications for contacting clients and our team
5.3 Compliance and Audits {
Relevant regulations and standards. (here also, what do we need
to add?)
Audit preparation and documentation requirements. } (add later)
6. Onboarding and Training
6.1 New Analyst Onboarding
Checklist for new hires (e.g., account setup, tool access, initial training). (what
accounts and setup, all of them?) #(PC account and emails, contact application for
team and client, access for the office and workspace)
Mentorship or shadowing process. (mentorship? need more details) mention the
learning process from seniors..
# upcoming events and so on; add some data about that, leave space to update
later, or arrange it that way
6.2 Ongoing Training
Regular training sessions (e.g., threat intelligence updates, tool certifications).
(who is taking the session, and what?)
Resources for self-learning (e.g., internal knowledge base, external courses).
(websites and course links)
# mention upcoming things
7. Key Metrics and KPIs
{
Metrics tracked by the SOC (e.g., mean time to detect (MTTD), mean time to respond
(MTTR)). (what?) (A Key Performance Indicator (KPI) is a quantifiable
measure of performance over time for a specific objective.)
How KPIs are measured and reported. }
# here we can add tools
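One way to produce the shift handover numbers quoted in 5.1 and the MTTD/MTTR figures named in this section, as an added example (not the project's own tooling; the ticket field layout, the sample tickets and the KPI definitions used are assumptions):

```python
# Added example, not from the runbook: computes the shift handover tallies and
# the MTTD/MTTR KPIs named above from a ticket export. The tickets below are
# constructed sample data; the field layout is an assumption, not a real export.
from datetime import datetime

# (ticket id, triage verdict, occurred, detected, resolved); times are ISO-8601.
SAMPLE_TICKETS = [
    ("T-1", "FP", "2024-05-30T10:00", "2024-05-30T10:05", "2024-05-30T10:15"),
    ("T-2", "FP", "2024-05-30T10:10", "2024-05-30T10:20", "2024-05-30T10:30"),
    ("T-3", "TP", "2024-05-30T11:00", "2024-05-30T11:03", "2024-05-30T11:45"),
    ("T-4", "FP", "2024-05-30T12:00", "2024-05-30T12:12", "2024-05-30T12:20"),
    ("T-5", "TP", "2024-05-30T13:00", "2024-05-30T13:10", "2024-05-30T14:10"),
    ("T-6", "FP", "2024-05-30T14:00", "2024-05-30T14:02", "2024-05-30T14:10"),
]

def _minutes(start, end):  # elapsed minutes between two ISO-8601 timestamps
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 60

def soc_kpis(tickets):
    """Shift totals plus MTTD/MTTR in minutes (definitions are an assumption:
    MTTD over all alerts, MTTR over true positives only, because false
    positives are closed at triage rather than responded to)."""
    unknown = [tid for tid, verdict, *_ in tickets if verdict not in ("FP", "TP")]
    if unknown:  # no handover with un-triaged alerts: the counts would not add up
        raise ValueError(f"tickets without an FP/TP verdict: {unknown}")
    tps = [t for t in tickets if t[1] == "TP"]
    detect = [_minutes(t[2], t[3]) for t in tickets]
    respond = [_minutes(t[3], t[4]) for t in tps]
    return {
        "total": len(tickets),
        "false_positives": len(tickets) - len(tps),
        "true_positives": len(tps),
        "mttd_min": sum(detect) / len(detect) if detect else 0.0,
        "mttr_min": sum(respond) / len(respond) if respond else 0.0,
    }

def handover_message(kpis, next_analyst, shift):
    """Render the handover text in the same shape as the WhatsApp sample in 5.1."""
    return "\n".join([
        f"Update: {shift}",
        f"* Shift handover to {next_analyst}",
        "* Daily report has been updated",
        f"* The total alert triggered: {kpis['total']}",
        f"* Total false positives validated: {kpis['false_positives']}",
        f"* Total true positives escalated: {kpis['true_positives']}",
        f"* MTTD {kpis['mttd_min']:.1f} min, MTTR {kpis['mttr_min']:.1f} min",
    ])

if __name__ == "__main__":
    print(handover_message(soc_kpis(SAMPLE_TICKETS), "Abhishek", "30th Evening shift"))
```

The FP and TP counts always sum to the total, which is the consistency check a reader of the handover message can do by eye.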
8. Threat Intelligence
{
Sources of threat intelligence (e.g., internal feeds, third-party services like
Recorded Future). (here also need clarity?)
How to consume and apply threat intelligence in monitoring.
}
11. Glossary {
Key terms and acronyms (e.g., SIEM, IOC, TTPs, MTTD/MTTR).
what?
Definitions specific to the organization or project.
}
12. Appendices
Appendix A: Links to internal resources (e.g., wikis, SOPs). {
Appendix B: Emergency contacts and escalation matrix. (here also missing
content?)
Appendix C: Sample incident report template. }
# giving the client contact details and our team's
# sample report
# 3 separate pages for A, B and C