Steering Committee

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Review Policy | General Steps | No | 2020/08/31 | None | |
| Review Metrics | Exact Steps to Follow | No | 2020/08/31 | Lowest | |
| Determine SOC performance delta | Steps Plus Details | No | 2020/08/31 | Lowest | |

Specificity: General Steps, Steps Plus Details, Exact Steps to Follow
Exists?: No, Yes
Orchestration/Automation Priority: Highest, Moderate, Lowest, None

Command Center

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Receive Request | Steps Plus Details | No | 2020/06/01 | Moderate | |
| Deconfliction | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
| Update Incident | Exact Steps to Follow | No | 2020/06/01 | Moderate | |
| Direct Response Action | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
| Notify Constituents | Exact Steps to Follow | No | 2020/06/01 | Moderate | |
| Notify Constituents - General Threat Bulletin | Exact Steps to Follow | | 2020/06/01 | Moderate | |
| Impact Assessment | General Steps | No | 2020/06/01 | Highest | |
| HR Interaction | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
| General Counsel Interaction | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
| Lost / Stolen Equipment Report | Steps Plus Details | No | 2020/06/01 | Moderate | |
| Law Enforcement Interface | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
| Meet legal / industry reporting requirements | Exact Steps to Follow | No | 2020/06/01 | Moderate | |
| Shift & Task handoff oversight | Steps Plus Details | No | 2020/06/01 | Lowest | |
| Recovered Equipment Procedure | Steps Plus Details | No | 2020/06/01 | Lowest | |

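Network Security Monitoring

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Data Collection | General Steps | Yes | 2020/05/01 | Moderate | |
| Validate receipt of data sources | Exact Steps to Follow | No | 2020/06/14 | Highest | |
| Data Mining | General Steps | No | 2020/07/01 | Moderate | |
| Hunting | General Steps | No | 2020/05/01 | None | |
| Escalation Criteria | Steps Plus Details | No | 2020/05/01 | Moderate | |
| Data Sharing | Exact Steps to Follow | No | 2020/07/01 | Lowest | |
| Investigate Alert | General Steps | No | 2020/07/01 | Moderate | |
| Lost / Stolen Equipment Report | Steps Plus Details | Yes | 2020/07/01 | Lowest | |
| Update Incident | Exact Steps to Follow | No | 2020/07/01 | Moderate | |
| Impact Assessment | General Steps | No | 2020/07/01 | Lowest | |
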
Threat Intelligence

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Information Collection | General Steps | No | 2020/07/01 | Moderate | |
| Correlation | Steps Plus Details | No | 2020/07/01 | Moderate | |
| Enrichment of Data with Threat Intel | Steps Plus Details | No | 2020/07/01 | Highest | |
| Internal Data Mining | Steps Plus Details | No | 2020/07/01 | Moderate | |
| Name sets | Exact Steps to Follow | No | 2020/07/01 | None | |
| Attribution | Steps Plus Details | No | 2020/07/01 | Lowest | |
| Data Sharing | Exact Steps to Follow | No | 2020/07/01 | Moderate | |
| Impact Assessment | General Steps | No | 2020/07/01 | Lowest | |
| Hunting | General Steps | No | 2020/07/01 | None | |
| Update Incident | Exact Steps to Follow | No | 2020/07/01 | Moderate | |
| Lost / Stolen Equipment Report | Steps Plus Details | No | 2020/07/01 | Lowest | |
| Escalation Criteria | Steps Plus Details | No | 2020/07/01 | Moderate | |

Incident Response

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Investigation | Steps Plus Details | No | 2020/04/01 | Lowest | |
| Containment - host | Exact Steps to Follow | No | 2020/04/01 | Highest | |
| Containment - network segment | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Containment - network equipment | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Containment - User account | Exact Steps to Follow | No | 2020/04/01 | Highest | |
| Containment - VPN | Exact Steps to Follow | No | 2020/04/01 | Highest | |
| Containment - … | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Coordinate with affected Business Unit | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| Uncontain asset determined to be "clean" | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Fly Away capability | Steps Plus Details | Yes | 2020/04/01 | None | |
| Interface w/ Outsourced Forensics | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| Impact Assessment | General Steps | No | 2020/04/01 | Moderate | |
| HR Interaction | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| General Counsel Interaction | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| Escalation Criteria | General Steps | No | 2020/04/01 | Lowest | |
| Insider Threat Response | General Steps | No | 2020/04/01 | Lowest | |
| Lost / Stolen Equipment Report | Steps Plus Details | No | 2020/04/01 | Lowest | |
| Recovered Equipment Procedure | Steps Plus Details | No | 2020/04/01 | Lowest | |
| Transfer asset to outsource Forensic capability | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| Asset Collection | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Hunting | General Steps | No | 2020/04/01 | None | |
| Update Incident | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Law Enforcement subpoena fulfillment | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| Law Enforcement Interface | Exact Steps to Follow | No | 2020/04/01 | Lowest | |

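Self-Assessment - Configuration Monitoring

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Change Approval | Steps Plus Details | No | 2020/04/01 | Lowest | |
| Baseline creation | Exact Steps to Follow | No | 2020/04/01 | Lowest | |
| Exception request approval | Steps Plus Details | No | 2020/04/01 | Lowest | |
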
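Self-Assessment - Vulnerability Assessment

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Vulnerability Scanning | Exact Steps to Follow | No | 2020/04/01 | Moderate | |
| Correlate public info to assets | Steps Plus Details | No | 2020/04/01 | Lowest | |
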
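Self-Assessment - Penetration Testing

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Adversary behavior modeling | General Steps | No | 2020/08/01 | Lowest | |
| Reconnaissance | General Steps | No | 2020/04/01 | Lowest | |
| Coordinate with system owners | Steps Plus Details | No | 2020/04/01 | Lowest | |
| Assess systems | General Steps | No | 2020/04/14 | Lowest | |
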
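Self-Assessment - Exercises

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Create Exercises | General Steps | No | 2020/04/01 | None | |
| Conduct Exercises | Steps Plus Details | No | 2020/06/01 | Lowest | |
| Assess Exercise Performance | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
| Assess DR/BCP of SOC | Steps Plus Details | No | 2020/06/01 | None | |
| Assess Users | Exact Steps to Follow | No | 2020/06/01 | Lowest | |
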
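Other

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| SOC Staff Access Log Review | Exact Steps to Follow | No | 2020/03/01 | Moderate | |
| Initial DR/BCP transfer to secondary facility | Exact Steps to Follow | | 2020/03/01 | Lowest | |
| Hiring / Interview Practices | General Steps | No | 2020/03/01 | None | |
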
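SOC Support Capability

| Procedure | Specificity Level? | Exists? | Planned Creation Date? | Automation Candidate / Priority? | Relevant Metric / SOP |
| --- | --- | --- | --- | --- | --- |
| Architecture | Steps Plus Details | No | 2020/05/01 | Lowest | |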