https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67036#M1078 <P>A company has recently undergone an exponential growth to 500 employees.</P><P>Everyone works from home and uses a cloud based solution for email and documents.</P><P>Needless to say, things are in a bit of a mess and need strightening up.</P><P>&nbsp;</P><P>I was asked if they needed a SIEM.</P><P>&nbsp;</P><P>This sparked many thoughts, before they employ a SIEM - They need to have things in place otherwise money will be wasted and no real value will be gained.</P><P>&nbsp;</P><P>1, Asset management and Data Classification (inc Supplier assessments)</P><P>2, Threat Modelling (prioritisation)</P><P>3, Risk Assessments<BR /><BR />From there they can look at what they would like to ingest and make use of.</P><P>&nbsp;</P><P>I am sure that there are other things to be considered before deciding if a SIEM is appropriate and would appreciate any input.<BR /><BR />Thanks in advance</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 08 Feb 2024 14:05:15 GMT sarlacpit 2024-02-08T14:05:15Z https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67036#M1078 <P>A company has recently undergone an exponential growth to 500 employees.</P><P>Everyone works from home and uses a cloud based solution for email and documents.</P><P>Needless to say, things are in a bit of a mess and need strightening up.</P><P>&nbsp;</P><P>I was asked if they needed a SIEM.</P><P>&nbsp;</P><P>This sparked many thoughts, before they employ a SIEM - They need to have things in place otherwise money will be wasted and no real value will be gained.</P><P>&nbsp;</P><P>1, Asset management and Data Classification (inc Supplier assessments)</P><P>2, Threat Modelling (prioritisation)</P><P>3, Risk Assessments<BR /><BR />From there they can look at what they would like to ingest and make use of.</P><P>&nbsp;</P><P>I am sure that there are other things to be considered before deciding if a SIEM is appropriate and would appreciate any input.<BR /><BR />Thanks in advance</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 08 Feb 2024 14:05:15 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67036#M1078 sarlacpit 2024-02-08T14:05:15Z https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67040#M1079 Before a SOC, or a SIEM or any other bits and bobs do they have appropriate policies? Particularly with regards to OS, User and application logs? I’d say getting the first cut of a boiler plate policy they can use as a template/guide for their market, vertical, country should be very high priority. They could also write their own but they seem to be deep in the tooling weeds.<BR /><BR />I’d agree with your asset register/CMBD as one to start as well, but you might find starting classification, threat modeling and risk as dementia tricky without an appropriate policy framework(also their local privacy and other regulations dictate what you can and can’t collect/do).<BR /><BR />Some opinion from me but as a first step I’d get a basic, rough cut security policy first if it’s not there.<BR /><BR /> Thu, 08 Feb 2024 16:42:53 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67040#M1079 Early_Adopter 2024-02-08T16:42:53Z https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67057#M1080 <P>Thanks, that's really good point.</P><P>&nbsp;</P> Thu, 08 Feb 2024 20:14:08 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Do-I-need-a-SOC/m-p/67057#M1080 sarlacpit 2024-02-08T20:14:08Z