UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ETSI - GS ISI 007

Information Security Indicators (ISI); Guidelines for building and operating a secured Security Operations Center (SOC)

active, Most Current
Organization: ETSI
Publication Date: 1 December 2018
Status: active
Page Count: 46
scope:

The present document covers the 2 types of security incident detection services: internal and external.

The requirements can be implemented at 2 different levels: basic level (partial compliance), advanced level (full compliance).

The present document is structured as follows (after clauses 2 and 3 respectively dedicated to references and terms, symbols and abbreviations):

Clause 4 describes the activities to which the present document relates.

Clause 5 presents the requirements applicable to service providers (either internal or external) operating a SOC.

NOTE: These requirements, labelled with lowercase letters (a, b, c, etc.), stem from requirements of a similar reference framework published by ANSSI [i.12], so that their labelling is aligned with them, meaning that not present letters correspond to discarded or not relevant requirements.

Annex A presents the tasks and skills expected from the service provider's employees.

Annex B presents the recommendations for the commissioning entities when contracting with security incident detection providers.

Annex C defines the basic and partial level of implementation of the requirements.

Document History

GS ISI 007
December 1, 2018
Information Security Indicators (ISI); Guidelines for building and operating a secured Security Operations Center (SOC)
The present document covers the 2 types of security incident detection services: internal and external. The requirements can be implemented at 2 different levels: basic level (partial compliance),...

References

This document references:
GS ISI 001-1 - Information Security Indicators (ISI); Indicators (INC); Part 1: A full set of operational indicators for organizations to use to benchmark their security posture
Published by ETSI on June 1, 2015
The present document provides a complete set of information security indicators (based on already existing results and hands-on user experience), covering both security incidents and vulnerabilities....
This document references:
GS ISI 001-2 - Information Security Indicators (ISI); Indicators (INC); Part 2: Guide to select operational indicators based on the full set given in part 1
Published by ETSI on June 1, 2015
The present document provides a guide to use the range of indicators provided in ETSI GS ISI 001-1 [5]. The present document is meant mainly to support CISOs and IT security managers in their effort...
This document references:
GS ISI 002 - Information Security Indicators (ISI); Event Model A security event classification model and taxonomy
Published by ETSI on November 1, 2015
The present document provides a comprehensive security event classification model and associated taxonomy (based on existing results and hands-on user experience), covering both security incidents...
This document references:
GS ISI 003 - Information Security Indicators (ISI); Key Performance Security Indicators (KPSI) to evaluate the maturity of security event detection
Published by ETSI on January 1, 2018
The present document defines and describes a set of Key Performance Security Indicators (KPSI) to be used for the evaluation of the performance, the maturity levels of the detection tools and...
This document references:
GS ISI 004 - Information Security Indicators (ISI); Guidelines for event detection implementation
Published by ETSI on December 1, 2013
The scope of the present document is to define and describe a classification of the main symptoms/use cases, which are used to detect security events listed in GS ISI 002 [i.3].
This document is referenced by:
GS ISI 006 - Information Security Indicators (ISI); An ISI-driven Measurement and Event Management Architecture (IMA) and CSlang - A common ISI Semantics Specification Language
Published by ETSI on February 1, 2019
The present document provides a common interaction semantics model called ISI Measurement Architecture (IMA) based on formal approaches that are partially leaned from Set and Graph Theories, such as...
View Less
View All
Advertisement