Lack of focus
Posted: Thu Feb 13, 2025 4:16 am
Violation of the "from simple to complex" principle. Loose ends in basic information security tasks inevitably cause difficulties with higher-level tasks. Information asset inventory, correlation of personnel data with accounts and systems, and information asset categorization are the baseline data an incident investigation relies on.
Solving tasks that are not core to the SOC degrades the performance of its staff. The SOC manager must ensure that employees are not distracted by matters outside the SOC's remit.
For the sake of "checking the box". Unfortunately, formally addressing compliance requirements (of regulators or of management) does not always lead to a significant increase in the actual level of security.
"Fire" and forget. Funding for situation centers often ends with the initial implementation, and the resources provided for day-to-day operations turn out to be insufficient.
The logic of incident detection is not communicated to the duty shift. Insufficient communication between monitoring operators and analysts means that the content that was created (rules, reports, dashboards) is either not used or is used ineffectively.
Insufficient flexibility. The attack techniques used by intruders are constantly improving, which places high demands on the technical capabilities of the monitoring system and on how easily correlation logic can be modified and maintained, while established procedures and SLAs must still be met at the same time.