Tutcyber

Process

Introduction Security Operations Centers (SOC) need to how the current key skills , tools and processes to be able to detect, investigate and sop threats before they become costly data breaches. Definition  A set of defined repeatable steps that take inputs,odd value and produce outputs that satisfy customer's requirement. Attributes of process  Inputs: Information or materials that are required by the process to get standard. Outputs: Services or products that satisfy customer requirement. Bounds/Scope: The process starts when .. and ends when .. …

SOC1/SOC2 Test

General controls: Inventory Listing. HR Employee Listing. Access Group Listing. Access transaction Log. A.Organization and Management: Organizational Chart. Vendor assessments. B.Communications: Customer Contracts. System Descriptors. Policies and Technical specifications. C.Risk Management and Design/Implementation of controls: IT Risk Assessment. D.Monitoring of controls: Compliance Testing. Firewall monitoring. Intrusion Detection. Vulnerabilities management. Access Monitoring. E.Logical and Physical Access controls: Employment Verification. Continuo…

SOC Reports

Why SOC Reports? Some industry require SOC2 or local compliance audit. Many organizations who know compliance, know SOC2 Type 2  consider it a stronger statement of operational effectiveness than ISO 27001 (Continuous Testing). Many organization's client will accept SOC2 of the right to audit. SOC2 security Name: Trust services Principles and criteria for security - The system is protected against unauthorized access. Governance: AICPA Purpose: Assist service organization management in reporting to customers that it has established security criter…