To provide a clear directive from executive management to all business heads, ensuring long-term support for building the SOC and implementing the necessary processes. This discussion is framed in terms of financial commitments: staff requisitions and operating costs may require approval from senior management.
At this stage, plan and develop detailed requirements for the various SOC domains, such as corporate systems (servers, networking devices, databases, endpoints, etc.). A prioritization process is key to selecting which SOC domains to cover first.
Based on the acquired tools and skills, start implementing the SOC and ensure that end-to-end log capture, log storage, correlation, and all other required features are fully in place before monitoring begins. Developing SOC policies and procedures, integrating new event sources, practising the SOC procedures, and training the analysts are also done during implementation.
After the implementation phase, the key ongoing process is continuous monitoring and management of the SOC components.
In a fully active SOC, the analysts perform the following key activities:
1-Event log monitoring
2-Incident logging & Escalation processes
3-Daily SOC watch and watch turnover