McVey’s 37 Questions for a SOC
The Basics: Do you have… 1. Authority to operate, a defined scope of operation, authority to act 2. Enough staff to meet the desired scope of operation 3. Accurate inventory of endpoints (hosts and serves) 4. Accurate inventory of networks, their design and use 5. Accurate inventory of egress points, VPNs, DMZs, externally accessible servers, and externally hosted resources (“the cloud”) 6. Contact lists for groups of users (departments, offices, etc.), system owners, other IT teams, service providers, and external response organizations 7. A list of high value assets and the data they hold (PII, financial data, HIPPA, etc.) Visibility: What is your access to… 8. Logs (Active Directory, DHCP, DNS, firewall, proxy, servers, VPN, etc.) 9. Flow data (source, destination, ports, session time, volume, etc.) 10. Endpoints (disk, memory, and proces