SCOPE AND OBJECTIVES
Our client set out to ensure their Security Operations Center and Security Incident Response Team in Minneapolis were both onshore and able to meet government requirements of operating 24x7. While a full-time support team was needed for overnight and weekend coverage, our client also faced the challenge of maximizing productivity during the lower-volume periods.
The client desired:
- A fully operational unit that was appropriately managed, including tracking KPIs for the team, managing SLAs, and enabling training and personnel management
- A taxonomy of security incidents to categorize each event/incident properly and identify the best way to respond to similar incidents, creating organization-wide best practices
We constructed and presented a solution that focused on resource management and productivity. Our approach centered on building a team of highly skilled resources that could not only handle the 24x7 coverage, but would simultaneously develop a taxonomy of security incidents. The taxonomy enables best practices around KPIs, incident response quality, and efficiency against SLAs. Our team brought expertise in security analysis, network administration, SIEM monitoring, Data Loss Prevention (Vontu), incident management, and HP Service Management (HPSM). We provided the client with the following engagement deliverables:
- Boot Camp training to get the team rapidly up to speed and deployed in 3 days
- Establishment of baseline taxonomy KPIs
- Schedule control for 30 resources over 4 schedules to achieve 24/7 coverage
- Proactive and systematic performance management to keep the team motivated and attrition rates down
By identifying projects for team members to work on during lower-volume periods, we maximized the overall productivity of the team while meeting the 24x7 requirements. The client has also seen significant improvements in the quality of security and incident classification. Based on its success, the initial program was extended for a second year.