[OWASP-SOCFramework-Project] Presentation feedback (Pavel Taratynov)

Павел Таратынов p.taratynov at gmail.com
Mon Oct 15 13:17:08 UTC 2018

Dear  Muhammad
Thank you for this project! I work as a SOC Architect so I'm very
interested in this project
However, I agree with Eduardo Estevao that we are moving a little bit slow.
I believe we need to establish a project plan with tasks, timeline, and

Regarding your presentation I have several comments:
Regarding feedback for your  presentation:
1. Slide 3. Classification is confusing for me. I think Centralize or
Distributed classification is relevant only for In-House or Hybrid SOC, not
Managed? Do you agree? If so, we should make it more clear on slide 3. I'm
not sure what kind of SOC you mean by "Constituency" This term is usually
used for organizations/customers, which are served by SOC/CERT.
I also propose to add "Combined" (combination of Central SOC with
subordinated distributed SOCs) and "Coordinating SOC" ( national soc
usually) for In-house SOC. See the excellent book "Ten Strategies of a
World-Class Cybersecurity Operations Center", MITRE.
2. Slide 4-5. I agree   that  SOC modal doesn't determine the quantity of
SOC dashboard sets. I'm also doesn't agree that Distributed SOC is always
the best option for a Global organization.  Eduardo Estevao had already
mentioned why and I completely agree with him.
3. Slide 7 The way you use the term "Constituency" is still confusing for
me, sorry. Could you please explain in more details what do you mean? In my
opinion "constituency" is about this definition  -  "SOC provides services
to a set of customers referred to as a constituency SOC provides services
to a set of customers referred to as a constituency- a set of users, sites,
IT assets, networks, and organizations. Constituency can be established
according to organizational, geographical, political, technical, or
contractual demarcations" (c) MITRE
4. Slide 8. From my point of view, Managed SOC doesn't always mean that
security appliances are also managed by the same MSSP provider. It can be
managed by in-house security team or another MSSP. I also propose to add to
the Pros - "OPEX mostly".
5. Slide 11. I propose to group processes to make it more clear and
readable. You can group to the following: 1) Monitoring and Detection 2)
Incident response 3) Threat Intelligence  4) Vulnerability Management 5)
Operational and management processes (Other).

That's all for now because I want to stay focused on primary issues. I
believe we should define  SOC taxonomy and primary SOC processes to move
further. I believe the technology stack is less important at the current

сб, 6 окт. 2018 г. в 15:00, <
owasp-socframework-project-request at lists.owasp.org>:

> Send OWASP-SOCFramework-Project mailing list submissions to
>         owasp-socframework-project at lists.owasp.org
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.owasp.org/mailman/listinfo/owasp-socframework-project
> or, via email, send a message with subject or body 'help' to
>         owasp-socframework-project-request at lists.owasp.org
> You can reach the person managing the list at
>         owasp-socframework-project-owner at lists.owasp.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-SOCFramework-Project digest..."
> Today's Topics:
>    1. Presentation feedback/comments (Muhammad Naqvi)
> ----------------------------------------------------------------------
> Message: 1
> Date: Sat, 6 Oct 2018 01:16:44 +0300
> From: Muhammad Naqvi <muhammad.naqvi at owasp.org>
> To: Owasp-socframework-project at lists.owasp.org
> Subject: [OWASP-SOCFramework-Project] Presentation feedback/comments
> Message-ID:
>         <CADS4wdFcV27-TUWhRAQJnrwqq8JtNny1tjc++z=+
> pCa4DZQxrQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> Dear Project Team,
> Please send your feedback/ comments on the presentation latest by 15th
> October.
> Regards
> Muhammad Faisal Naqvi
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.owasp.org/pipermail/owasp-socframework-project/attachments/20181006/58988cb8/attachment-0001.html
> >
> ------------------------------
> _______________________________________________
> OWASP-SOCFramework-Project mailing list
> OWASP-SOCFramework-Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-socframework-project
> End of OWASP-SOCFramework-Project Digest, Vol 4, Issue 1
> ********************************************************

С уважением,
Павел Таратынов.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-socframework-project/attachments/20181015/7e39546b/attachment.html>

More information about the OWASP-SOCFramework-Project mailing list