CSIRT/SOC maturity assessment and modernization

About CSIRT/SOC

A well-functioning Computer Security Incident Response Team (CSIRT) or Security Operations Centre (SOC) provides a reliable and trusted single point of contact for reporting computer security incidents. CSIRT/SOC is the most effective way to structure incident detection, response and related security operations into manageable, coordinated and competent one-stop centers to deliver cybersecurity services for its constituencies. Maturity assessment of the security team can enable organization to identify problematic areas more accurately and allocate resources more efficiently.

How we do it?

NRD Cyber Security assesses CSIRT/SOC maturity by applying best international practices (SIM3 and SOC-CMM) and as a result the organization is provided with an actionable CSIRT/SOC improvement plan and CSIRT/SOC modernization activities. Depending on scope, the following areas could be assessed:

• Governance;
• Human resources, including knowledge management and training/education;
• Processes;
• Technology, including automation and orchestration;
• Services: security monitoring, security incident management, security analytics and forensics, threat intelligence, threat hunting, vulnerability management and log management.

Experienced, qualified and certified cyber security experts perform the assessment, hence highest quality standards are guaranteed.

The service steps are:

1. Engagement (request  quote  contract)
2. Maturity assessment
3. Reporting (report, maturity certificate and actionable CSIRT/SOC improvement plan)
4. CSIRT/SOC improvement activities (modernization)

The assessment results provide objective overview of team’s maturity (supported by issued certificate) and allow a well-informed decision making towards CSIRT/SOC improvement actions. NRD Cyber Security has carried out a number of maturity assessments the examples of which include, but are not limited to Peru and South Africa.  

Benefits

• Provides objective view on current CSIRT/SOC maturity state;
• Identifies areas for improvement
• Helps to identify opportunities
• Provides an actionable plan with prioritized activity list on how to step-by-step modernize the CSIRT/SOC
• As the assessment is performed based on international best practice and carried-out by experienced and qualified experts, it is easier to build credible arguments and compose improvement initiatives for decision makers

Is it the right solution for us?

Try to answer the following questions:

1. Do we have a CSIRT/SOC mandate in place with clear constituency, authority, responsibility services model and accountability?
2. Can we provide objective evidence whether our security operations are running in effective and efficient way?
3. Is there a comprehensive and actionable CSIRT/SOC improvement plan, reflecting current environmental situation and aligned to the best international practice?
4. Is CSIRT/SOC a part of recognized international cyber community, such as FIRST.Org and TF-CSIRT?
5. Are security incidents automatically registered from various tools and tracked in a unified service desk system with specialized workflow? Are they supported by the Standard Operating Procedures (SOPs)?