Lesson 7.4 is our last stop on the DevSecOps maturity model, and we'll be looking at operations. As mentioned, the model here for operations examines monitoring maturity and also logging maturity.
So there are four levels. We always say this is the information gathering dimension, and we're going to be looking at the sub-dimension for monitoring and also the one for logging.
So we're looking at the monitoring sub-dimension. At the most basic level, you should be doing simple application metrics and some simple system metrics. As you get a little more mature, you should be doing alerting and have some visualization of the metrics, so you can monitor them that way, especially on a time basis.
Then at level three you should be doing more advanced availability and stability metrics, start looking at web application metrics, and also review your metrics on a regular basis and deactivate any that aren't being used, so you're not wasting time gathering metrics for parts that aren't even being used. Then you want to group the metrics together and have some targeted alerting based on the metrics that are being used.
And then at the highest maturity level, have some coverage and control of the metrics, have some defense metrics, combine them with tests, and then have screens with this metric visualization out there so that they're always being used.
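To make the "targeted alerting" and "defense metrics" levels concrete, here is an added example that is not part of the lesson or of the DSOMM itself. It groups per-minute application metrics (requests, errors) with one defense metric (requests blocked by a WAF or rate limiter) and runs two alerting rules over them: a sustained error-rate rule, so that a single bad minute does not page anyone, and a blocked-request spike rule measured against a rolling baseline. The thresholds, the `MinuteSample` schema and the sample data are all constructed for this example.

```python
from dataclasses import dataclass
from statistics import mean

# Thresholds are assumptions for this example; tune them to your own service.
ERROR_RATE_THRESHOLD = 0.05   # alert when more than 5% of requests fail ...
SUSTAINED_MINUTES = 3         # ... for this many consecutive minutes
BLOCK_SPIKE_FACTOR = 3.0      # alert when blocks exceed 3x the recent baseline
BASELINE_MINUTES = 3          # how many prior minutes form the baseline


@dataclass(frozen=True)
class MinuteSample:
    """One minute of grouped metrics: application metrics (requests, errors)
    plus a defense metric (requests blocked by a WAF or rate limiter)."""
    minute: int
    requests: int
    errors: int
    blocked: int


@dataclass(frozen=True)
class Alert:
    minute: int
    name: str
    value: float


def error_rate(sample: MinuteSample) -> float:
    return sample.errors / sample.requests if sample.requests else 0.0


def evaluate(samples):
    """Run both alerting rules over time-ordered samples and return the alerts."""
    ordered = sorted(samples, key=lambda s: s.minute)
    alerts = []
    streak = 0
    for i, s in enumerate(ordered):
        # Rule 1: sustained error rate. Only SUSTAINED_MINUTES consecutive bad
        # minutes fire the alert, and it fires once per streak.
        if error_rate(s) > ERROR_RATE_THRESHOLD:
            streak += 1
            if streak == SUSTAINED_MINUTES:
                alerts.append(Alert(s.minute, "error_rate_sustained", error_rate(s)))
        else:
            streak = 0
        # Rule 2: defense-metric spike relative to the mean of the previous
        # BASELINE_MINUTES minutes.
        if i >= BASELINE_MINUTES:
            baseline = mean(p.blocked for p in ordered[i - BASELINE_MINUTES:i])
            if baseline > 0 and s.blocked > BLOCK_SPIKE_FACTOR * baseline:
                alerts.append(Alert(s.minute, "blocked_spike", s.blocked))
    return alerts


# Constructed sample data: ten minutes of a healthy service with one error
# blip (minute 3), a sustained error burst (minutes 5-7) and a block spike
# (minute 8). These are not real measurements.
SAMPLES = [
    MinuteSample(0, 1000, 10, 5),
    MinuteSample(1, 1000, 10, 5),
    MinuteSample(2, 1000, 10, 5),
    MinuteSample(3, 1000, 70, 5),
    MinuteSample(4, 1000, 10, 5),
    MinuteSample(5, 1000, 80, 5),
    MinuteSample(6, 1000, 80, 5),
    MinuteSample(7, 1000, 80, 5),
    MinuteSample(8, 1000, 10, 40),
    MinuteSample(9, 1000, 10, 5),
]

if __name__ == "__main__":
    for a in evaluate(SAMPLES):
        print(f"minute {a.minute}: {a.name} = {a.value}")
```

The blip at minute 3 produces no alert, which is the point of requiring a sustained condition; the burst fires once at minute 7, and the block spike fires at minute 8 because the defense metric is compared with its own recent history rather than a fixed number.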
So a quick question: what metrics is your organization using for monitoring?
Are they exclusive to operations and maintenance?
Do you or security have the ability to evaluate what's out there?
And does security have their own metrics in the operations phase? You might be pulling your own; they may be part of what everybody can see, but they may be metrics that you're interested in, or you're presenting them out there so that operations can maintain the availability of the system.
So now we're looking at the sub-dimension for logging. In level one, you should have centralized system logging, you should be logging security events, and also PII logging: not obviously logging PII, but monitoring for it.
Then you should have some visualized logging, just like we're doing with the metrics by visualizing the metrics.
And then you should have centralized application logging. So maybe the standard situation is that we have centralized logging for the systems, but you really want to start doing it for the application as well. And then the highest level, which you probably already have since we're all security people,
is the idea of a SIEM, where you're having this correlation of security events, so you can
track correlated activity instead of individual security events: correlation of maybe some higher-level activity that's going on.
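The jump from centralized logging to a SIEM is the correlation step, and this added example (not from the lesson or any SIEM product) shows what that step looks like in code. It takes constructed log lines from two sources, a system auth log in sshd style and an application login log, normalizes both into one `Event` schema, and runs two correlation rules over the merged, time-ordered stream: a login success preceded by repeated failures from the same IP, and one account succeeding from several IPs within a short window. Neither rule could fire on a single source alone, which is the value the lesson attributes to the SIEM level. The log formats, hosts, users, IPs and window sizes are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines in two formats: a system auth log (sshd style)
# and an application login log. The users and IP addresses are made up.
SYSTEM_LOG = [
    "2024-05-01T10:00:01Z sshd[101]: Failed password for admin from 203.0.113.7 port 5000 ssh2",
    "2024-05-01T10:00:05Z sshd[101]: Failed password for admin from 203.0.113.7 port 5001 ssh2",
    "2024-05-01T10:00:30Z sshd[102]: Accepted password for bob from 198.51.100.9 port 5100 ssh2",
]
APPLICATION_LOG = [
    "2024-05-01T10:00:10Z app login status=failure user=admin src=203.0.113.7",
    "2024-05-01T10:00:40Z app login status=success user=admin src=203.0.113.7",
    "2024-05-01T10:03:00Z app login status=success user=admin src=192.0.2.44",
]

SYSTEM_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
APP_RE = re.compile(
    r"^(?P<ts>\S+) app login status=(?P<outcome>success|failure) user=(?P<user>\S+) src=(?P<ip>\S+)")


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str
    user: str
    ip: str
    success: bool


@dataclass(frozen=True)
class Alert:
    rule: str
    ts: datetime
    user: str
    ip: str
    detail: int


def normalize(lines, source, pattern):
    """Turn raw lines from one source into the common Event schema; lines the
    pattern does not recognise are skipped rather than guessed at."""
    events = []
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        success = m["outcome"] in ("Accepted", "success")
        events.append(Event(ts, source, m["user"], m["ip"], success))
    return events


def correlate(events, fail_threshold=3, fail_window=timedelta(seconds=60),
              multi_ip_window=timedelta(minutes=5)):
    """Run both correlation rules over the merged, time-ordered event stream."""
    alerts = []
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    successes = defaultdict(list)   # user -> [(ts, ip)] of successful logins
    for e in sorted(events, key=lambda x: x.ts):
        recent = failures[e.ip]
        while recent and e.ts - recent[0] > fail_window:
            recent.popleft()        # drop failures outside the window
        if not e.success:
            recent.append(e.ts)
            continue
        # Rule 1: a success preceded by repeated failures from the same IP,
        # counted across both log sources.
        if len(recent) >= fail_threshold:
            alerts.append(Alert("success_after_failures", e.ts, e.user, e.ip, len(recent)))
            recent.clear()
        # Rule 2: one account succeeding from several IPs in a short window.
        other_ips = {ip for t, ip in successes[e.user]
                     if e.ts - t <= multi_ip_window and ip != e.ip}
        if other_ips:
            alerts.append(Alert("success_from_multiple_ips", e.ts, e.user, e.ip, len(other_ips) + 1))
        successes[e.user].append((e.ts, e.ip))
    return alerts


def run_demo():
    events = (normalize(SYSTEM_LOG, "system", SYSTEM_RE)
              + normalize(APPLICATION_LOG, "application", APP_RE))
    return correlate(events)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a.ts.isoformat()} {a.rule}: user={a.user} ip={a.ip} detail={a.detail}")
```

On the sample data the two sshd failures plus the one application failure from 203.0.113.7 add up to three, so the application success at 10:00:40 fires the first rule; fed the system log alone, the same code returns nothing, because it only ever sees two failures and an unrelated success.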
Just a quick quiz: which of the four activities is not considered to be part of the highest level of maturity for monitoring? Is it coverage and control of metrics, simple application metrics, defense metrics, or screens with metric visualization?
The simple application metrics: those continue to be at the first level. The giveaway was the word "simple" in there; it's not specific, like the word "defense".
This is a quick module where we just
take a look at maturing operations, and then the next one will look at continuous monitoring.