ETSI - GS ISI 007
Information Security Indicators (ISI); Guidelines for building and operating a secured Security Operations Center (SOC)
Publication Date: 1 December 2018
The present document covers the 2 types of security incident detection services: internal and external.
The requirements can be implemented at 2 different levels: basic level (partial compliance) and advanced level (full compliance).
The present document is structured as follows (after clauses 2 and 3 respectively dedicated to references and terms, symbols and abbreviations):
• Clause 4 describes the activities to which the present document relates.
• Clause 5 presents the requirements applicable to service providers (either internal or external) operating a SOC.
NOTE: These requirements, labelled with lowercase letters (a, b, c, etc.), stem from the requirements of a similar reference framework published by ANSSI [i.12], and their labelling is aligned with them; letters that are not present correspond to discarded or not relevant requirements.
• Annex A presents the tasks and skills expected from the service provider's employees.
• Annex B presents the recommendations for the commissioning entities when contracting with security incident detection providers.
• Annex C defines the basic and partial level of implementation of the requirements.