The foundation for effective cyber defense, typically including the Security Operations Center (SOC) and IR function.
The people, processes, and technology that detect threats across the organization’s business architecture and support investigations during incident response.
IR communication processes to relevant internal and external stakeholders.
The practices and supporting tools for understanding and detecting threat actor tools, tactics, and procedures (TTPs).
How the organization verifies and categorizes incidents, evaluates their severity, and determines proper response actions.
The measurement and development strategies needed to maintain and improve the cyber defense capability.