Security Operations - Industry Specifications and how they apply to Security Operations
Author Rob Campbell
Last Update 29/4/2020
Version 1.0
Security Goals
Use breach data for lessons learnt and control improvement.
Determine the impact and scale of a security breach
Detect and respond to unusual activity.
Reduce the number of Vulnerabilities present within organisation assets.
To be proactive in identifying, containing and treating security issues and incidents
To prevent exploitation of vulnerabilities leading to compromise
Share and Consume Intelligence Data
Respond rapidly and effectively to Cyber alerts
Prevent Malware and Ransomware from affecting the organisation
Secure delivery of code into the production environment
Reduce vulnerabilities in code and deployed applications
Reduce the attack surface on supported end points
Vulnerability Data
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
Configuration Baselines
Industry Security Benchmarks and Checklists (STIGs)
CIS Benchmarks
Common Attack Pattern Enumeration and Classification (CAPEC)
Malware Attribute Enumeration and Characterisation (MAEC)
Structured Threat Information eXpression (STIX, including CybOX)
MITRE ATT&CK Framework
Common Configuration Enumeration (CCE)
Open Vulnerability and Assessment Language (OVAL)
Extensible Configuration Checklist Description Format (XCCDF)
Common Platform Enumeration (CPE)
Build Compliance
Organisation Secure Build Standards
Build Hardening
External Penetration Testing Service
Development Security Testing
Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
Dynamic Application Security Testing (DAST)
SAST Tooling
DAST Tooling
SCA Tooling
Sec Mon - Investigate
Research Attack Characteristics
Research Malware
Share Cyber Intelligence
Harden Build
Baseline Build Compliance Checking
Secure Baseline Build Design
Baseline Build Maintenance
Pentest Engagement
Detect Vulnerable Package or Library
Detect Poor Coding
Detect Malicious Code
Evaluate Licences
Cyber Intelligence
Malware Analysis
Security Incident Investigation
Cyber Intelligence Information Sharing
Breach and Attack Simulation (BAS)
Threat Hunting
Breach Detection
Anti Malware
Endpoint Detection and Response (EDR)
Online Threat Intelligence Services
MITRE ATT&CK Online Catalogue
Intelligence Information Sharing Services
Detect Control Deficiencies
Breach and Attack Simulation Tooling
Trusted Automated eXchange of Intelligence Information (TAXII) (Protocol)
Build Compliance Checking
Build Hardening Tools
Reduction of Cyber Security and Privacy risks to tolerable levels
Security Information and Event Management (SIEM)
Identify Unusual Activity
Pentest Management
Vulnerability Scanner
Online Malware Analysis
Malware Detection
SecDevOps
Prevent Compromise of Organisation Assets
Minimise the impact of a Cyber Security Event
Detect Compromise of Organisation Assets
Security Goals -> Use breach data for lessons learnt and control improvement.
Security Goals -> Determine the impact and scale of a security breach
Security Goals -> Detect and respond to unusual activity.
Security Goals -> Reduce the number of Vulnerabilities present within organisation assets.
Security Goals -> To be proactive in identifying, containing and treating security issues and incidents
Security Goals -> To prevent exploitation of vulnerabilities leading to compromise
Security Goals -> Share and Consume Intelligence Data
Security Goals -> Respond rapidly and effectively to Cyber alerts
Security Goals -> Prevent Malware and Ransomware from affecting the organisation
Security Goals -> Secure delivery of code into the production environment
Security Goals -> Reduce vulnerabilities in code and deployed applications
Security Goals -> Reduce the attack surface on supported end points
Security Goals -> Reduction of Cyber Security and Privacy risks to tolerable levels
Security Goals -> Prevent Compromise of Organisation Assets
Security Goals -> Minimise the impact of a Cyber Security Event
Security Goals -> Detect Compromise of Organisation Assets
Vulnerability Data -> Common Vulnerabilities and Exposures (CVE)
Vulnerability Data -> Common Vulnerability Scoring System (CVSS)
Common Vulnerabilities and Exposures (CVE) -> Development Security Testing
Common Vulnerabilities and Exposures (CVE) -> Vulnerability Scanner
Common Vulnerability Scoring System (CVSS) -> Online Malware Analysis
Common Vulnerability Scoring System (CVSS) -> Vulnerability Scanner
Common Vulnerability Scoring System (CVSS) -> Development Security Testing
Industry Security Benchmarks and Checklists (STIGs) -> Organisation Secure Build Standards
CIS Benchmarks -> Organisation Secure Build Standards
Common Attack Pattern Enumeration and Classification (CAPEC) -> Endpoint Detection and Response (EDR)
Malware Attribute Enumeration and Characterisation (MAEC) -> Anti Malware
Structured Threat Information eXpression (STIX, including CybOX) -> Intelligence Information Sharing Services
Common Configuration Enumeration (CCE) -> Build Compliance Checking
Open Vulnerability and Assessment Language (OVAL) -> Organisation Secure Build Standards
Open Vulnerability and Assessment Language (OVAL) -> Build Hardening Tools
Extensible Configuration Checklist Description Format (XCCDF) -> Organisation Secure Build Standards
Common Platform Enumeration (CPE) -> Development Security Testing
Build Compliance -> Baseline Build Compliance Checking
Build Compliance -> Secure Baseline Build Design
Build Compliance -> Baseline Build Maintenance
Build Compliance -> Reduce vulnerabilities in code and deployed applications
Build Compliance -> Reduce the attack surface on supported end points
Organisation Secure Build Standards -> Build Hardening Tools
Build Hardening -> Harden Build
Build Hardening -> Reduce the attack surface on supported end points
Build Hardening -> Reduce vulnerabilities in code and deployed applications
External Penetration Testing Service -> Common Vulnerabilities and Exposures (CVE)
External Penetration Testing Service -> Pentest Engagement
Development Security Testing -> Static Application Security Testing (SAST)
Development Security Testing -> Software Composition Analysis (SCA)
Development Security Testing -> Dynamic Application Security Testing (DAST)
Development Security Testing -> SAST Tooling
Development Security Testing -> DAST Tooling
Development Security Testing -> SCA Tooling
Development Security Testing -> Detect Poor Coding
Software Composition Analysis (SCA) -> Detect Vulnerable Package or Library
Software Composition Analysis (SCA) -> Evaluate Licences
SAST Tooling -> Static Application Security Testing (SAST)
DAST Tooling -> Dynamic Application Security Testing (DAST)
SCA Tooling -> Software Composition Analysis (SCA)
Sec Mon - Investigate -> Research Attack Characteristics
Share Cyber Intelligence -> Intelligence Information Sharing Services
Harden Build -> Build Hardening Tools
Secure Baseline Build Design -> Build Hardening
Baseline Build Maintenance -> Build Hardening
Malware Analysis -> Research Malware
Malware Analysis -> Detect and respond to unusual activity.
Malware Analysis -> Use breach data for lessons learnt and control improvement.
Security Incident Investigation -> Research Attack Characteristics
Security Incident Investigation -> Sec Mon - Investigate
Security Incident Investigation -> Use breach data for lessons learnt and control improvement.
Security Incident Investigation -> Determine the impact and scale of a security breach
Security Incident Investigation -> Detect and respond to unusual activity.
Cyber Intelligence Information Sharing -> Share Cyber Intelligence
Cyber Intelligence Information Sharing -> Share and Consume Intelligence Data
Breach and Attack Simulation (BAS) -> Sec Mon - Investigate
Breach and Attack Simulation (BAS) -> Detect and respond to unusual activity.
Breach and Attack Simulation (BAS) -> Reduce the number of Vulnerabilities present within organisation assets.
Breach and Attack Simulation (BAS) -> To be proactive in identifying, containing and treating security issues and incidents
Breach and Attack Simulation (BAS) -> To prevent exploitation of vulnerabilities leading to compromise
Threat Hunting -> Detect Control Deficiencies
Threat Hunting -> Sec Mon - Investigate
Threat Hunting -> Reduce the number of Vulnerabilities present within organisation assets.
Threat Hunting -> To prevent exploitation of vulnerabilities leading to compromise
Breach Detection -> Identify Unusual Activity
Breach Detection -> Respond rapidly and effectively to Cyber alerts
Anti Malware -> Research Malware
Endpoint Detection and Response (EDR) -> Sec Mon - Investigate
Online Threat Intelligence Services -> Intelligence Information Sharing Services
Online Threat Intelligence Services -> Research Attack Characteristics
MITRE ATT&CK Online Catalogue -> MITRE ATT&CK Framework
MITRE ATT&CK Online Catalogue -> Breach and Attack Simulation (BAS)
MITRE ATT&CK Online Catalogue -> Research Attack Characteristics
MITRE ATT&CK Online Catalogue -> Sec Mon - Investigate
Intelligence Information Sharing Services -> Research Attack Characteristics
Detect Control Deficiencies -> Breach and Attack Simulation (BAS)
Breach and Attack Simulation Tooling -> MITRE ATT&CK Framework
Breach and Attack Simulation Tooling -> Detect Control Deficiencies
Trusted Automated eXchange of Intelligence Information (TAXII) (Protocol) -> Intelligence Information Sharing Services
Build Compliance Checking -> Baseline Build Compliance Checking
Build Compliance Checking -> Organisation Secure Build Standards
Build Hardening Tools -> Extensible Configuration Checklist Description Format (XCCDF)
Security Information and Event Management (SIEM) -> Identify Unusual Activity
Pentest Management -> Pentest Engagement
Pentest Management -> To prevent exploitation of vulnerabilities leading to compromise
Pentest Management -> Reduce the number of Vulnerabilities present within organisation assets.
Pentest Management -> Reduce vulnerabilities in code and deployed applications
Online Malware Analysis -> Detect Malicious Code
Malware Detection -> Detect Malicious Code
Malware Detection -> Prevent Malware and Ransomware from affecting the organisation
SecDevOps -> Detect Poor Coding
SecDevOps -> Detect Vulnerable Package or Library
SecDevOps -> Evaluate Licences
SecDevOps -> Reduce vulnerabilities in code and deployed applications
SecDevOps -> Secure delivery of code into the production environment
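The map links STIX and TAXII to Intelligence Information Sharing Services and from there to Research Attack Characteristics and Identify Unusual Activity. The following added example (not code from the original page) shows that path end to end: indicators arrive in the shape of a TAXII 2.1 response envelope, their STIX 2.1 patterns are evaluated against local events normalised to STIX observable types, and indicators outside their validity window are ignored. The envelope, the identifiers and the events are constructed here; nothing is fetched over the network, and only a small subset of the STIX patterning language is implemented.

```python
"""Match STIX 2.1 indicators from a TAXII 2.1 envelope against local telemetry.

Added example, not part of the original page. The envelope, indicators and events are
constructed; nothing is fetched over the network. Only a subset of STIX patterning is
implemented: one [observation expression] of `type:property = 'value'` (or !=)
comparisons joined by AND or by OR.
"""
import hashlib
import re
from datetime import datetime

# Constructed sample hash, derived at runtime so that no real hash is quoted.
SAMPLE_HASH = hashlib.sha256(b"constructed sample payload").hexdigest()

# Constructed TAXII 2.1 "get objects" envelope. Names use the reserved .example TLD
# and RFC 5737 documentation addresses; ids are placeholder UUIDs.
TAXII_ENVELOPE = {"more": False, "objects": [
    {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
     "id": "indicator--00000000-0000-4000-8000-000000000001",
     "created": "2020-04-01T00:00:00.000Z", "modified": "2020-04-01T00:00:00.000Z",
     "name": "Constructed C2 infrastructure", "valid_from": "2020-04-01T00:00:00Z",
     "pattern": "[domain-name:value = 'c2.evil.example' OR ipv4-addr:value = '198.51.100.23']"},
    {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
     "id": "indicator--00000000-0000-4000-8000-000000000002",
     "created": "2020-04-01T00:00:00.000Z", "modified": "2020-04-01T00:00:00.000Z",
     "name": "Constructed dropper", "valid_from": "2020-04-01T00:00:00Z",
     "valid_until": "2020-04-15T00:00:00Z", "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_HASH}']"},
    # Other object types share the envelope and must be skipped, not matched.
    {"type": "identity", "spec_version": "2.1", "identity_class": "organization",
     "id": "identity--00000000-0000-4000-8000-000000000003", "name": "Constructed partner"},
]}

# Constructed telemetry, normalised to STIX cyber-observable object types.
EVENTS = [
    {"id": "proxy-1", "observed": {"domain-name": {"value": "intranet.example"}, "ipv4-addr": {"value": "198.51.100.7"}}},
    {"id": "proxy-2", "observed": {"domain-name": {"value": "c2.evil.example"}, "ipv4-addr": {"value": "198.51.100.23"}}},
    {"id": "edr-3", "observed": {"file": {"name": "update.bin", "hashes": {"SHA-256": SAMPLE_HASH}}}},
]

_COMPARISON = re.compile(r"^([\w-]+):([\w.'-]+)\s*(!=|=)\s*'([^']*)'$")


def parse_pattern(pattern: str):
    """Parse the supported subset into (join, [(type, property, op, value)])."""
    pattern = pattern.strip()
    if not (pattern.startswith("[") and pattern.endswith("]")):
        raise ValueError(f"only a single [observation expression] is supported: {pattern!r}")
    body = pattern[1:-1]
    if " AND " in body and " OR " in body:
        raise ValueError("mixed AND/OR is not supported by this subset")
    join = "OR" if " OR " in body else "AND"
    comparisons = []
    for term in body.split(f" {join} "):
        m = _COMPARISON.match(term.strip())
        if not m:
            raise ValueError(f"unsupported comparison: {term!r}")
        obj_type, prop, op, value = m.groups()
        comparisons.append((obj_type, prop.replace("'", ""), op, value))
    return join, comparisons


def lookup(observation: dict, obj_type: str, prop: str):
    """Resolve e.g. ('file', 'hashes.SHA-256') against a nested observation dict."""
    node = observation.get(obj_type)
    for key in prop.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def pattern_matches(pattern: str, observation: dict) -> bool:
    """Evaluate a pattern; a comparison on an absent property is false, as in STIX."""
    join, comparisons = parse_pattern(pattern)
    results = []
    for obj_type, prop, op, value in comparisons:
        actual = lookup(observation, obj_type, prop)
        results.append(actual is not None and (actual == value if op == "=" else actual != value))
    return any(results) if join == "OR" else all(results)


def _ts(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def indicator_is_valid(indicator: dict, at: str) -> bool:
    """Honour valid_from / valid_until so that expired intel stops raising alerts."""
    until = indicator.get("valid_until")
    return _ts(indicator["valid_from"]) <= _ts(at) and (until is None or _ts(at) < _ts(until))


def hunt(envelope: dict, events: list, now: str) -> list:
    """Return one hit per (event, indicator) pair where a currently valid indicator matches."""
    hits = []
    for obj in envelope.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if not indicator_is_valid(obj, now):
            continue
        for event in events:
            if pattern_matches(obj["pattern"], event["observed"]):
                hits.append({"event": event["id"], "indicator": obj["id"], "name": obj["name"]})
    return hits


if __name__ == "__main__":
    for hit in hunt(TAXII_ENVELOPE, EVENTS, "2020-04-10T00:00:00Z"):
        print(f"{hit['event']} matched {hit['name']} ({hit['indicator']})")
```

Two design points carry over to a real deployment: the envelope is filtered on both `type` and `pattern_type`, because TAXII collections mix SDOs (identities, reports, relationships) with indicators and indicators may carry non-STIX patterns (Snort, YARA) that need a different engine; and `valid_until` is enforced at match time, since stale indicators are a common source of false positives once infrastructure is reassigned. Production matching should use a full STIX pattern implementation rather than the subset here.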