
Project phases (phases 3 to 5):

#  Phase                                                          Duration   Schedule
3  SOC Solution Implementation, Configuration and Commissioning   2 Months   2nd and 3rd Month
4  SOC Service Implementation and Transition                      1 Month    3rd Month
5  SOC Operation and Improvement                                  12 Months  4th to 12th Month

G. Service Level Agreements and Responsibilities

Responsibilities:

Data Consult will handle all security events generated by the customer's security controls and forwarded to the SIEM solution.

After triage, investigation and classification by Data Consult's analysts or automated systems, the case will, if required, be escalated to the customer's point of contact as a security incident or a policy violation.

Policy violation use cases will be provided by the customer in line with their internal policies and procedures.

Task ownership within the scope of the Incident Response function is outlined below using a RACI model (R = Responsible, A = Accountable, C = Consulted, I = Informed):

Capability                                                              Customer   Data Consult
Security Events Detection by Customer Security Controls                 RA         IC
Security Events Detection by Data Consult Correlation Rules             RA         IC
Initial Incident Identification & Analysis                              RA         IC
Initial Incident Investigation, Triage and Classification               RA         IC
Incident Notification and Escalation                                    RA         IC
Initial Incident Containment Recommendations                            RA         IC
Recurrent Incident Mitigation Strategy Recommendation                   I          RAC
Escalated Incident Response & Investigation                             I          RAC
Escalated Incident Forensic Analysis (IR & Forensics Investigation)     I          RAC
Post Mortem Analysis (within the determined retainer period)            I          RAC

Escalation Guidelines

The process of resolving incidents requires that the detection, disruption, resolution and mitigation disciplines be established and practiced at all levels of the ACFC. This process can and should be mapped to the phases of the customer's own incident response plan, where applicable. A structured progression of recommended actions is required, directing individuals to perform the appropriate analysis and actions while troubleshooting. The ACFC staff must also have guidelines from the customer for referring incidents to the proper specialists when they cannot be resolved within the ACFC.

Skill level   Detection (*)   Distribution (*)   Resolution and Mitigation
XSOAR         RA              RA                 RA
CDA L2                        IC                 IC
CDA L3                                           RC

(*) With the Customer L1 intervention.

Note that the phases of the incident resolution process progress from left to right and from Level 1 to Level 2. When the activities available at one skill level have been exhausted on an incident, the incident should be escalated to the next skill level for further action.

Escalation Matrix
