SOC Communication Standards

Consistency

The Security Operations Centre (SOC) is aligning all of our communication methods to provide better consistency and legitimacy, helping you quickly distinguish genuine SOC messages from possible phishing or white noise. Our efforts include:

  1. Communications will always come from a restricted and controlled sender group (security@uwo.ca) rather than from each individual Security Analyst.
  2. The email signature will continue to identify the individual who actually sent the message, but it will follow a consistent format.
  3. Specific and repetitive emails (e.g. vulnerability identification) will follow a template and be consistently worded.


Purpose and Urgency/Importance

SOC now uses tags in the subject line to make each message’s purpose, urgency and importance quickly identifiable in a consistent manner. Below are the tags we will be using and their general intent.


Purpose:

[SOC-INFO] Providing facts, knowledge, or a general message of interest. Commonly sent to the TUMs wider audience.

[SOC-ADVISORY] Providing facts, knowledge, and details for a security concern/event of general interest. Commonly sent to the TUMs wider audience. (e.g. known vulnerabilities, CVEs (Common Vulnerabilities and Exposures), compromised applications, known breaches, etc.)

[SOC-NOTICE] A formal notice, request, or signal for action, sent to an individual or group. (e.g. host-specific vulnerabilities, misconfigurations, targeted CVEs, etc.)

[SOC-ALERT] A warning of danger, threat, or risk, typically with the intention of having it avoided or dealt with vigilantly. (e.g. actively exploited vulnerabilities, AV (anti-virus) & EDR (endpoint detection and response) flagged items)


Urgency/Importance: (Applicable to the ADVISORY, NOTICE and ALERT tags only)

[LOW] These tasks can usually be accomplished during normal workflow.

[MEDIUM] Medium tasks require some urgency and should take precedence over non-business critical work.

[HIGH] These tasks are very important and must be completed ASAP (as soon as possible).

[CRITICAL] Critical tasks are time-sensitive, and teams are expected to stop what they’re doing and attend to the immediate task at hand.
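As an added illustration (not part of the SOC standard or its tooling), the following Python check applies the rules above to a message's From header and subject line: it flags mail that carries a SOC purpose tag but did not come from the controlled sender group, and an urgency tag attached to a purpose that does not take one. It assumes the From header has already been authenticated upstream (for example by DMARC) and that subjects are not prefixed with reply markers; the sample messages are constructed.

```python
import re
from email.utils import parseaddr

# Tag scheme and sender group as defined in the SOC communication standard.
PURPOSE_TAGS = {"SOC-INFO", "SOC-ADVISORY", "SOC-NOTICE", "SOC-ALERT"}
URGENCY_TAGS = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}
URGENCY_ALLOWED_FOR = {"SOC-ADVISORY", "SOC-NOTICE", "SOC-ALERT"}
SOC_SENDER = "security@uwo.ca"

# One or more leading "[TAG]" blocks at the start of the subject.
TAG_RE = re.compile(r"^\s*((?:\[[A-Z-]+\]\s*)+)")


def parse_subject(subject):
    """Return (purpose, urgency, remainder) for a tagged subject line.

    A tag that is absent is returned as None. Reply prefixes such as
    "Re:" are deliberately not handled (assumption for this example).
    """
    m = TAG_RE.match(subject)
    if not m:
        return None, None, subject.strip()
    tags = re.findall(r"\[([A-Z-]+)\]", m.group(1))
    purpose = next((t for t in tags if t in PURPOSE_TAGS), None)
    urgency = next((t for t in tags if t in URGENCY_TAGS), None)
    return purpose, urgency, subject[m.end():].strip()


def check_message(from_header, subject):
    """Return a list of findings; an empty list means the message conforms."""
    sender = parseaddr(from_header)[1].lower()
    purpose, urgency, _ = parse_subject(subject)
    if purpose is None:
        # Ordinary mail that does not claim to be a SOC message.
        return ["no-soc-tag"]
    findings = []
    if sender != SOC_SENDER:
        # Claims SOC purpose but bypasses the controlled sender group.
        findings.append("soc-tag-from-unexpected-sender")
    if urgency is not None and purpose not in URGENCY_ALLOWED_FOR:
        # Urgency tags apply to ADVISORY, NOTICE and ALERT only.
        findings.append("urgency-tag-not-allowed-for-" + purpose)
    return findings


if __name__ == "__main__":
    # Constructed sample messages, not real mail.
    samples = [
        ("SOC <security@uwo.ca>", "[SOC-ALERT][CRITICAL] Actively exploited vulnerability"),
        ("helpdesk@example.net", "[SOC-NOTICE][HIGH] Password reset required"),
        ("security@uwo.ca", "[SOC-INFO][HIGH] Monthly bulletin"),
    ]
    for sender, subject in samples:
        print(subject, "->", check_message(sender, subject))
```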

Communication Matrix (Printable PDF)


Published on  and maintained in Cascade.