SlideShare a Scribd company logo

CSOC Process component.pptx

Download as PPTX, PDF
R Borres
R Borres

Cybersecurity Operations Center Process concerns

Technology
1 of 6
CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES PROCESS  Outdated PNP CampNet Guidelines and Procedures;  Lack of standard policy in developing a secured Information System;  Delay in the implementation of PNP MC No. 2021-180 entitled, “Guidelines and Procedures for the PNP to be a Cybersecurity-Compliant Organization”;
CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES PROCESS  Limited scope of SOP No. 2021-02 entitled, “ITMS Computer Emergency Response Team (CERT) Guidelines and Procedures”  Outdated PNP ICT Security Manual (2010-01)
CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES PROCESS  Absence of Policy and SOP on cybersecurity related incident reporting, response and remediation Manual reporting of security incidents No standard procedure/checklist in incident response  Limited knowledge and awareness in the processes required to operate a CSOC
CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES (in bullet form) PROCESS Existing: PNP • Outdated PNP CampNet Guidelines and Procedures (2006) • Lack of policy in the implementation of Vulnerability Assessment (VA) and Penetration Testing (PT) (scanning limitation) • Lack of standard policy in developing a secured Information System (security by design) (modification of PNP MC 2014-033) • Delay in the implementation of PNP MC No. 2021-180 entitled, “Guidelines and Procedures for the PNP to be a Cybersecurity-Compliant Organization”; note: delay in the procurement of VA tool, for programming of PT • SOP No. 2021-02 entitled, “ITMS Computer Emergency Response Team (CERT) Guidelines and Procedures” • PNP ICT Manual • Physical access policy (ITMS server room) • 24/7 ITMS Help Desk Group 2
CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES (in bullet form) PROCESS Others (Outside PNP) • RA 10173 Data Privacy Act • RA 10175 Cyber Crime Prevention of Act 2012 • RA8792 Ecommerce Act- • DICT MC-006 – Prescribing the Policies, Rules and Regulation on the Protection of Government Agencies Stipulated in the national Cybersecurity Plan (NCSP) 2022 Needed: • No Penetration Testing Tools • Cybersecurity Policy Group 2

Recommended

SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...akquinet enterprise solutions GmbH
 
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxShah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxmohamadchiri
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...Dale Butler
 
European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada securityYulia Rotar
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_bangloreIPPAI
 
Bizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdf
Bizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdfBizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdf
Bizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdfBizmanualz
 
Critical Infrastructure Protection (CIP) NERC Training : Tonex Training
Critical Infrastructure Protection (CIP) NERC Training : Tonex TrainingCritical Infrastructure Protection (CIP) NERC Training : Tonex Training
Critical Infrastructure Protection (CIP) NERC Training : Tonex TrainingBryan Len
 

Recommended

SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...akquinet enterprise solutions GmbH
 
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxShah Sheik Building a CSoC v1.2 DEFCAMP.pptx
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptxmohamadchiri
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...Dale Butler
 
European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada securityYulia Rotar
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_bangloreIPPAI
 
Bizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdf
Bizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdfBizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdf
Bizmanualz-Computer-IT-Policies-and-Procedures-Sample.pdfBizmanualz
 
Critical Infrastructure Protection (CIP) NERC Training : Tonex Training
Critical Infrastructure Protection (CIP) NERC Training : Tonex TrainingCritical Infrastructure Protection (CIP) NERC Training : Tonex Training
Critical Infrastructure Protection (CIP) NERC Training : Tonex TrainingBryan Len
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...TI Safe
 
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...Priyanka Aash
 
2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_dataKelvin Medina, CISSP, PA-QSA, QSA, GCIH, CISA, ITIL
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureInfosec
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of VulnerabilitySkybox Security
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity OverviewBrian Matteson, CISSP CISA
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfThilak Pathirage -Senior IT Gov and Risk Consultant
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
 
Compliance in Virtualized Environments
Compliance in Virtualized EnvironmentsCompliance in Virtualized Environments
Compliance in Virtualized EnvironmentsSeccuris Inc.
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015abhi75
 
2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackersShawn Wells
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Cohesive Networks
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations centerSatish Chavan
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

More Related Content

Similar to CSOC Process component.pptx

CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...TI Safe
 
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...Priyanka Aash
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureInfosec
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of VulnerabilitySkybox Security
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
 
Compliance in Virtualized Environments
Compliance in Virtualized EnvironmentsCompliance in Virtualized Environments
Compliance in Virtualized EnvironmentsSeccuris Inc.
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015abhi75
 
2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackersShawn Wells
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Cohesive Networks
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations centerSatish Chavan
 

Similar to CSOC Process component.pptx (20)

CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
 
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
(SACON) Dr. Soumya Maity & Lokesh Balu - A scalable, control-based, developer...
 
2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data2016_07_22_can_you_protect_my_cc_data
2016_07_22_can_you_protect_my_cc_data
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure Infrastructure
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 
Compliance in Virtualized Environments
Compliance in Virtualized EnvironmentsCompliance in Virtualized Environments
Compliance in Virtualized Environments
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015
 
2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations center
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

CSOC Process component.pptx

  • 1.
  • 2. CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES PROCESS  Outdated PNP CampNet Guidelines and Procedures;  Lack of standard policy in developing a secured Information System;  Delay in the implementation of PNP MC No. 2021-180 entitled, “Guidelines and Procedures for the PNP to be a Cybersecurity-Compliant Organization”;
  • 3. CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES PROCESS  Limited scope of SOP No. 2021-02 entitled, “ITMS Computer Emergency Response Team (CERT) Guidelines and Procedures”  Outdated PNP ICT Security Manual (2010-01)
  • 4. CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES PROCESS  Absence of Policy and SOP on cybersecurity related incident reporting, response and remediation Manual reporting of security incidents No standard procedure/checklist in incident response  Limited knowledge and awareness in the processes required to operate a CSOC
  • 5. CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES (in bullet form) PROCESS Existing: PNP • Outdated PNP CampNet Guidelines and Procedures (2006) • Lack of policy in the implementation of Vulnerability Assessment (VA) and Penetration Testing (PT) (scanning limitation) • Lack of standard policy in developing a secured Information System (security by design) (modification of PNP MC 2014-033) • Delay in the implementation of PNP MC No. 2021-180 entitled, “Guidelines and Procedures for the PNP to be a Cybersecurity-Compliant Organization”; note: delay in the procurement of VA tool, for programming of PT • SOP No. 2021-02 entitled, “ITMS Computer Emergency Response Team (CERT) Guidelines and Procedures” • PNP ICT Manual • Physical access policy (ITMS server room) • 24/7 ITMS Help Desk Group 2
  • 6. CYBER SECURITY DOMAIN DOMAIN INITIAL INPUTS/CHALLENGES (in bullet form) PROCESS Others (Outside PNP) • RA 10173 Data Privacy Act • RA 10175 Cyber Crime Prevention of Act 2012 • RA8792 Ecommerce Act- • DICT MC-006 – Prescribing the Policies, Rules and Regulation on the Protection of Government Agencies Stipulated in the national Cybersecurity Plan (NCSP) 2022 Needed: • No Penetration Testing Tools • Cybersecurity Policy Group 2

Editor's Notes

  1. note: delay in the procurement of VA tool, for programming of PT Ongoing implementation of Vulnerability Assessment (VA) tool (scanning limitation) - Delayed response time
  2. Notes: PNP CampNet Guidelines and Procedures was crafted in 2006 security by design and modification of PNP MC 2014-033 delay in the procurement of VA tool, for programming of PT tool
  3. The scope of the SOP is for ITMS only