Exam CISSP topic 1 question 156 discussion

You can't be looking at the SKILLS and TRAINING if you don't even know the SCOPE !! The scope drives what skills/training your SOC analysts will need !

The scope and service catalog of a SOC defines the specific security services that the SOC will provide. This includes threat monitoring, incident response, vulnerability management, and other security-related activities. The scope and service catalog will also determine the required headcount, skills, and tools and technologies. Regardless of whether the SOC is in-house, fully outsourced, or a hybrid, the scope and service catalog will be the main consideration. This is because the scope and service catalog will determine the overall cost of the SOC, as well as the level of security that the SOC can provide.

Scope can be defined regardless of model, the only concerns is around skillset and training, will the inhouse competent enough?, and how competent is the 3rd party soc if 100% outsourced (regardless of who is doing what -scope)

C. Skill set and training. This consideration is crucial regardless of the chosen model because the effectiveness of a SOC heavily depends on the skills and expertise of its personnel. Whether the SOC is managed in-house, outsourced, or a combination of both, having a team with the appropriate cybersecurity skills and continuous training is essential to effectively monitor, detect, analyze, and respond to cybersecurity incidents.

You need an effective & functioning SOC.

MAIN Consideration Regardless of the Model: Answer is D Rule of Elimination: - SCOPE and SEVICE Catalog is already defined (Small company in the question) - Skil set and Training, Regardless of the model means it is not the focus (just ruled out by itself) - Headcount & Capacity (Ruled out as there is not decision made). - Tools & Technology seems to stands out more

I think it's B. When outsourcing completely, issues related to skill sets and training are the concerns of the outsourcing partner, and cannot be considered as issues for our own company.

which of the following would be the MAIN consideration? The CISO and the management team must scope the service that they are interested in and right after they will be thinking about the HR resources and skills.

B seems to make sense but I researched and the SOC appears to have a pretty defined set of responsibilities, so I don't think there is much of a scope and service catalog. https://www.ibm.com/topics/security-operations-center Therefore C is the answer.

It is not C because "regardless of the model" means all aspects regarding the decision between in-house, hybrid or outsourced are NOT asked for. Therefore B and D remains. But D is not a main consideration for establishing a SOC.

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf After go through NIST800-61r2, I think skill set and training are the main consideration regarding the SOC model. It metioned team model selection factors: The need for 24/7 Availability Full-Time vs Part-Time Team Members Employee morale Cost Staff Expertise When considering outsourcing, organizations should keep these issues in mind: Current and Future Quality of Work Division of Responsibilities Sensitive Information Revealed to the Contractor Lack of Organization-Specific Knowledge Lack of Correlation Handling Incidents at Multiple Locations Maintaining Incident Response Skills In-House A successful SOC requires a team of skilled and experienced security professionals who can monitor and analyze security events, identify potential threats and vulnerabilities, and respond quickly and effectively to security incidents.

C. Skill set and training would be the MAIN consideration when debating between an in-house, fully outsourced, or a hybrid security operations center (SOC) capability. The effectiveness of a SOC is highly dependent on the skills and experience of the analysts who staff it, regardless of the model used. The organization needs to consider whether it has the internal resources and expertise to build and operate an in-house SOC, or if it would be more efficient and cost-effective to outsource the function to a managed security service provider (MSSP). A hybrid model may also be considered, where some SOC functions are handled in-house and others are outsourced. Regardless of the model chosen, the organization should prioritize hiring or training skilled analysts to staff the SOC.

B - Once we've determined the goals of the SOC and what it's being created to accomplish, we can then look at the required head count and capacity.

B, absolutely