Quiz Summary
0 of 17 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 17 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Business Drivers 0%
- Charter 0%
- Customers 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 17
1. Question
Have you identified the main business drivers?
CorrectIncorrectHint
Example business drivers: cybercrime prevention, risk reduction, law/regulation, audit/compliance, business continuity.
-
Question 2 of 17
2. Question
Have you documented the main business drivers?
CorrectIncorrectHint
Example business drivers: cybercrime prevention, risk reduction, law/regulation, audit/compliance, business continuity.
-
Question 3 of 17
3. Question
Do you use business drivers in the decision making process?
CorrectIncorrectHint
Example business drivers: cybercrime prevention, risk reduction, law/regulation, audit/compliance, business continuity.
-
Question 4 of 17
4. Question
Do you regularly check if the current service catalogue is aligned with business drivers?
CorrectIncorrectHint
Example business drivers: cybercrime prevention, risk reduction, law/regulation, audit/compliance, business continuity.
-
Question 5 of 17
5. Question
Have the business drivers been validated with business stakeholders?
CorrectIncorrectHint
Example business drivers: cybercrime prevention, risk reduction, law/regulation, audit/compliance, business continuity.
-
Question 6 of 17
6. Question
Specify any comments or remarks you feel are important to this part of the assessment?
-
This response will be awarded full points automatically, but it will be reviewed and possibly adjusted after submission.
Grading can be reviewed and adjusted.Grading can be reviewed and adjusted. -
-
Question 7 of 17
7. Question
Are all stakeholders familiar with the SOC charter document contents?
CorrectIncorrectHint
Making stakeholders aware of the contents can help in.
-
Question 8 of 17
8. Question
Is the SOC charter document approved by the business / CISO?
CorrectIncorrectHint
Approval from the relevant stakeholders will aid in business support for SOC operations.
-
Question 9 of 17
9. Question
Is the SOC charter document regularly updated?
CorrectIncorrectHint
Regularity should be matched to your own internal policy. At least yearly is recommended.
-
Question 10 of 17
10. Question
Please specify elements of the charter document:
CorrectIncorrectHint
A SOC mission should be established to provide insight into the reason for existence of the SOC.
A vision should be created to determine long-term goals for the SOC.
A strategy should be in place to show how to meet goals and targets set by mission and vision.
Service scope is documented to provide insight into SOC service delivery.
The output provided by the SOC, for example: reports, incidents, investigations, advisories, etc.
Responsibilities of the SOC.
Accountability for the SOC for actions taken.
Operational hours of the SOC.
All relevant stakeholders for the SOC.
Objectives and goals should be concrete and measurable so that they are fit for reporting purposes.
A statement of success is used to determine when the SOC is successful. Should be aligned with goals and objectives. -
Question 11 of 17
11. Question
Does the SOC have a formal charter document in place?
CorrectIncorrectHint
-
Question 12 of 17
12. Question
Do you actively measure and manage customer satisfaction?
CorrectIncorrectHint
-
Question 13 of 17
13. Question
Do you regularly send updates to your customers?
CorrectIncorrectHint
For example: changes in service scope or delivery. Can also be reports, dashboards, etc.
-
Question 14 of 17
14. Question
Do you have service level agreements with these customers?
CorrectIncorrectHint
Service level agreements are used to provide standardized services operating within known boundaries.
-
Question 15 of 17
15. Question
Do you differentiate output towards these specific customers?
CorrectIncorrectHint
For example, are communication style and contents to Business customers different than that to IT?
-
Question 16 of 17
16. Question
Have you documented the main SOC customers?
CorrectIncorrectHint
Formal registration of customer contact details, place in the organization, geolocation, etc.
-
Question 17 of 17
17. Question
Have you identified the SOC customers?
CorrectIncorrectHint
Types of customers, customer requirements / expectations, etc.
Use this a guideline for answering 2.1 This is also potentially useful for insights and comparison with previous assessments.
Legal department, may be a stakeholder for privacy, or may request forensic investigation to the SOC.
The audit department can be supported by logging provided by the SOC.
The engineering departments deal with Intellectual Property that may require additional access monitoring.
IT departments can be supported by monitoring for anomalies in their infrastructure and systems.
Business should be the most important customer, as all SOC activities ultimately support business processes.
External customers mostly apply to managed service providers.
Senior management may be a direct SOC customer, depending on organization hierarchy.
Specify any additional customers.