Page 9 - Cyber Warnings
Alert analysts should be given playbooks and procedures to decide on the priority and assignment of alerts.
Incident Responder:
Performs deep incident analysis by correlating data received from the Alert Analyst and other sources
Identifies whether a critical system or data set has been impacted and recommends remediation
Collects and correlates threat intelligence related to the incident and uses it to drive the investigation
Assists in decision making across the different incident types the SOC handles, e.g. phishing, malware and ransomware
The Incident Responder should be trained in advanced network forensics, host-based forensics, incident response procedures, malware assessment, log review and threat intelligence.
Subject Matter Expert:
Proactively hunts for breaches in order to avoid escalated incidents
Conducts deeper analysis on complex incidents, including malware reversing, log analytics, forensics and response planning
Contributes to developing, tuning and implementing threat detection analytics
The Subject Matter Expert possesses in-depth knowledge of network, endpoint, threat detection, forensics, malware reverse engineering, data aggregation and the functioning of specific applications or the underlying IT infrastructure.
SOC Manager:
Directs the SOC and provides input to the company's larger security strategy, serving as the organizational point person for business-critical incidents
Prioritizes tasks in order to detect, investigate and mitigate incidents that could impact the business
Creates a workflow model and ensures that reporting and documentation are maintained accordingly
Implements standard operating procedures (SOPs) for handling incidents to guide analysts through the triage and response processes
Manages resources, personnel, budget and scheduling to meet SLAs
9 Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide