To better understand the concept of the capabilities of securities in their relation to providing intelligence to the SOC, we will look at how we can incorporate each step using the service that is responsible for setting the security baselines for the organization, Security Configuration Management.
A more in-depth chapter on building the cyber intelligence capability within Security Configuration Management will be discussed later.
Using the preceding figure as a guide, we will review in more depth the capabilities that an SCM should provide:
- What their core processes are
- How the service is able to enable their processes (Discovery and Detection)
- How the service is able to inform the appropriate stakeholders or reduce risk (Risk Mitigation)
- How the service assesses the state of security for their area of responsibility (Security State Analysis)
- How the service shares information across and up (Data Exposure and Sharing)