In our deployment, the SOC Program Management sub-solution will be where the SFC documents, manages, and tracks the SOC program infrastructure including: team personnel, standard incident and breach response procedures, and shift handover reports.

•             Shift Handover Application – In our deployment, shift reports are required for both the SIRT & SRC teams and that information would be tracked in this application.

The Shift Handover application will allow the Incident Coordinator or Shift lead to capture all the information that the Incident Coordinator of the next shift requires to take over incident response duties. The Incident Coordinator of the current shift can capture items that have been closed, items that required follow-up, and summaries of what each incident handler did during their shift. The Incident Coordinator of the next shift can then review all of this information at the beginning of their shift.

•             Teams Application – In our deployment, various team contact information will be stored in this application for use as a security event/incident travels thru the SecOps and breach response workflow.

The Teams application will allow capturing of information about your teams of incident handlers, such as the team name, manager, and a description of the team’s responsibilities, as well as information about the individual team members, such as their names and roles.

•             The individual contacts within the team will be a cross reference to the contacts application within the enterprise management sub-solution.

•             Content Request Application – recommended sub-solution to increase efficiency and accountability of content creation/modifications.

The Teams can input their content modification requests into a form-based application. Once the request is submitted the Content Engineering Team can prioritize, track, and implement the content change with automated notifications back to the requestor.