Take care when developing the overall design of your organization's SOC toolset, drawing upon the maturity developed during the implementation of your overall information security program. The development of your SOC toolset should center on what is important to your organization's mission and, ultimately, on ensuring that your organization can continue to carry out that mission.
You must work with your stakeholders to determine key information such as:
- Sensitive organizational data
- Sensitive information technology assets
- Your organization's risk appetite
- Allowable business process disruption
- How information systems are interconnected and communicate with each other
Work with your organizational leaders and users to develop an understanding of important technical information such as:
- How your business applications and databases interact with each other
- How different business applications share information
- How the servers that support these business applications are configured
- How the network is configured to ensure effective communications with business applications
Understanding the information listed above, and more, will help you ensure that you have the necessary visibility into your organization's network and information systems. That visibility helps you protect the assets that matter the most and allows you to react if an internal or external threat attempts to access those assets.