The Security Operations process framework for a typical Arcsight powered and built Security Operations Centre
Thanks for pointing out my deliberate mistake. That just goes to prove I cant count and that the list of core processes applicable to each enterprise does tend to get customized.
For example, in ITIL encumbered SOCs (not always a good thing to tie up agile security practice with ITIL rigidity - but thats another story) where they are running a business chargeable operation we sometimes have Service Management as one our our key SOC processes in the business category. Supporting procedures would be Service Catalog Mgt, Service Delivery etc.
(That should get me back to 16 )