From Wikipedia:
"A service-level agreement (SLA) is a part of a service contract where a service is formally defined. In practice, the term SLA is sometimes used to refer to the contracted delivery time (of the service or performance)."

Usually, when you speak about SLAs in a SOC, you mean the maximum time it may take to do something. To make this concrete, I will list the SLAs normally used in a SOC for each service it usually provides. Some SLAs are shared with the customers; others are "internal" SLAs that you would normally not share with SOC customers. I would be happy to hear about your SLAs, so feel free to comment!
Common SLAs
These SLAs apply to every service, but the values can vary from service to service:
· Maximum days to activate a new customer
· Maximum days to deactivate a customer (internal)
· Coverage (h24, 5x8 Mon-Fri, etc.)
· Reporting (on request, automatic, etc.)
SDM (Security Device Management)
1) Change Management
· Max minutes to start working a request from the customer
· Max minutes to apply a change requested by a customer
· Max minutes to apply a rollback (could be seen as a change)
2) Fault Management
· Max minutes between the hardware fault and the ticket being opened
· Max hours needed to replace hardware declared as damaged
DDoS Mitigation
· Max minutes between the start of the attack and the ticket being opened
· Max minutes between the ticket being opened and the customer being contacted (phone call, email, etc.)
· Max minutes between the customer's request to apply a mitigation rule and its activation
Note that in this service there is no way to offer an SLA for the problem to be solved, because you can never be sure of stopping an attack within a given period of time.
Log Management
This service could, in some ways, be seen as a kind of device management (sometimes you have to manage the log collectors, other times the virtual machine or virtual appliance used to collect the data, etc.). Additional SLAs can be:
· Max minutes between the time you stopped receiving logs from a log source and the time you open a ticket
· Max minutes between the time you opened the ticket and the time you start working the ticket
· Max minutes between the time you started working the ticket and the time you solved the problem
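Since every SLA above is a maximum elapsed time between two ticket events, and the "Coverage" item under Common SLAs decides which minutes count, a small checker makes the definitions concrete. The following is an added example, not code from the original post: it measures the three Log Management intervals for each ticket against assumed thresholds, and supports both an h24 clock and a 5x8 Mon-Fri clock (the 09:00-17:00 business window, the threshold values and the sample tickets are all constructed for this example).

```python
from datetime import datetime, timedelta

# Assumed Log Management SLA thresholds in minutes, one per interval listed
# in the post (the numbers are constructed for this example, not the post's).
LOG_MGMT_SLA = {
    "detect_to_ticket": 30,   # logs stop arriving -> ticket opened
    "ticket_to_work": 60,     # ticket opened -> work started
    "work_to_resolve": 240,   # work started -> problem solved
}

# Each interval maps to the pair of ticket timestamps it is measured between.
INTERVALS = {
    "detect_to_ticket": ("last_log_seen", "ticket_opened"),
    "ticket_to_work": ("ticket_opened", "work_started"),
    "work_to_resolve": ("work_started", "resolved"),
}


def sla_minutes(start, end, coverage="h24"):
    """Minutes elapsed on the SLA clock between two datetimes.

    coverage="h24": every wall-clock minute counts.
    coverage="5x8": only Mon-Fri 09:00-17:00 counts (assumed business window).
    """
    if end < start:
        raise ValueError("end precedes start")
    if coverage == "h24":
        return (end - start).total_seconds() / 60
    if coverage != "5x8":
        raise ValueError(f"unknown coverage {coverage!r}")
    total = 0.0
    cur = start
    while cur < end:
        if cur.weekday() < 5:  # Monday..Friday
            window_open = cur.replace(hour=9, minute=0, second=0, microsecond=0)
            window_close = cur.replace(hour=17, minute=0, second=0, microsecond=0)
            counted_from = max(cur, window_open)
            counted_to = min(end, window_close)
            if counted_to > counted_from:
                total += (counted_to - counted_from).total_seconds() / 60
        # advance to midnight of the next calendar day
        cur = (cur + timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)
    return total


def evaluate_ticket(ticket, coverage="h24", sla=LOG_MGMT_SLA):
    """Measure each SLA interval for one ticket and flag breaches."""
    ts = {k: datetime.fromisoformat(v) for k, v in ticket.items() if k != "id"}
    result = {}
    for name, (start_key, end_key) in INTERVALS.items():
        measured = sla_minutes(ts[start_key], ts[end_key], coverage)
        result[name] = {
            "minutes": measured,
            "max": sla[name],
            "breached": measured > sla[name],
        }
    return result


def breached_intervals(tickets, coverage="h24"):
    """Return (ticket id, interval name) pairs that exceed their SLA."""
    breaches = []
    for t in tickets:
        for name, r in evaluate_ticket(t, coverage).items():
            if r["breached"]:
                breaches.append((t["id"], name))
    return breaches


# Constructed sample tickets (ISO 8601 timestamps; 2024-03-04 is a Monday).
SAMPLE_TICKETS = [
    {   # handled the same morning; within every threshold on either clock
        "id": "LM-001",
        "last_log_seen": "2024-03-04T10:00:00",
        "ticket_opened": "2024-03-04T10:20:00",
        "work_started": "2024-03-04T11:00:00",
        "resolved": "2024-03-04T13:00:00",
    },
    {   # opened late Friday, picked up Monday morning
        "id": "LM-002",
        "last_log_seen": "2024-03-08T16:30:00",
        "ticket_opened": "2024-03-08T16:50:00",
        "work_started": "2024-03-11T09:30:00",
        "resolved": "2024-03-11T12:00:00",
    },
]

if __name__ == "__main__":
    for cov in ("h24", "5x8"):
        print(cov, breached_intervals(SAMPLE_TICKETS, cov))
```

Running it shows why the coverage SLA matters: ticket LM-002 breaches the "ticket opened to work started" limit on an h24 clock (3880 wall-clock minutes across the weekend) but is well within it on a 5x8 clock (40 business minutes), so the same ticket history is a breach for a 24x7 customer and compliant for a Mon-Fri one.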
Security Assessment (Vulnerability Assessment, Penetration Test, etc.)
It is quite difficult to establish SLAs for these services, but some ideas could be:
· Max days between the customer signing the contract and the time the company is able to provide the service (sometimes the team is busy with other activities, has a tight schedule, etc.) (internal)
· Max days between the end of the activity and the delivery of the activity report
Thank you so much for reading this post and remember that comments are really appreciated.