Security Operations Management
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- The SOC and the SIEM pipeline
- From alert to action: SOAR and intelligent monitoring
- The NIST SP 800-61 incident-response lifecycle
- Continuous monitoring and vulnerability assessment ops
- Exam-pattern recognition
SOC tooling and process boundaries at a glance
| Capability | What it does | Key standard / artifact | Where the boundary is |
|---|---|---|---|
| SIEM | Aggregates and correlates logs across sources into alerts | NIST SP 800-92 (log management) | Detection; not the restore-service process |
| SOAR | Runs playbooks to automate enrichment and first response | Vendor playbooks | Automates response; analyst still judges ambiguous cases |
| Incident response | Works the SP 800-61 phases to contain and recover | NIST SP 800-61 | Technical IR; ITIL incident mgmt does the formal workflow |
| Continuous monitoring | Maintains ongoing awareness of threats and control state | NIST SP 800-137 (ISCM) | Ongoing, not the point-in-time assessment |
| Vulnerability assessment | Finds and prioritizes weaknesses on a schedule | Scan cadence + risk rating | Identifies flaws; penetration testing exploits them |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.