Release of Issue 1.0 Security Operations & Incident Management Knowledge Area
Published: 15 Jan 2019, 6 a.m.
Security Operations & Incident Management KA issue 1.0 has now been released.
This KA starts by introducing some of the vocabulary, processes and architecture. It then follows the loop concepts, discussing detection at the sensor level and looking at both data sources and detection algorithms. It then discusses Security Information and Event Management, instantiating Analyse from a more global perspective than sensors. Using the Security Orchestration, Analytics and Reporting (SOAR) concept, it further develops the modern aspect of the Plan and Execute activities.