This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Welcome, Guest
You have to register before you can post on our site.



Search Forums

(Advanced Search)

Forum Statistics
» Members: 807
» Latest member: DiyaSimla
» Forum threads: 27
» Forum posts: 73

Full Statistics

Latest Threads
SOC-CMM v2.2 (beta releas...
Forum: SOC-CMM development
Last Post: robvanos
10-12-2021, 08:36 AM
» Replies: 1
» Views: 1,264
How to set maturity and c...
Forum: SOC-CMM community forum
Last Post: robvanos
09-16-2021, 01:41 PM
» Replies: 3
» Views: 458
SOC Tools
Forum: SOC-CMM community forum
Last Post: robvanos
09-09-2021, 01:19 PM
» Replies: 1
» Views: 281
Extract results with ques...
Forum: SOC-CMM community forum
Last Post: Keoxes
03-08-2021, 11:20 AM
» Replies: 2
» Views: 1,800
Where are the mission sta...
Forum: SOC-CMM community forum
Last Post: robvanos
03-08-2021, 11:17 AM
» Replies: 1
» Views: 1,226
SOC Assessment report del...
Forum: SOC-CMM community forum
Last Post: robvanos
11-23-2020, 09:13 AM
» Replies: 1
» Views: 2,221
Forum: SOC-CMM community forum
Last Post: robvanos
11-16-2020, 10:12 AM
» Replies: 1
» Views: 2,384
ICS/OT -SOC-CMM Developme...
Forum: SOC-CMM development
Last Post: Trustconsulting
11-12-2020, 10:27 AM
» Replies: 0
» Views: 1,359
SOC-CMM v2 - input reques...
Forum: SOC-CMM development
Last Post: Ashrafkar
06-26-2020, 08:37 PM
» Replies: 6
» Views: 8,239
Agile in Security Operati...
Forum: SOC-CMM community forum
Last Post: robvanos
06-09-2020, 09:40 AM
» Replies: 2
» Views: 9,524

  SOC-CMM v2.2 (beta release)
Posted by: robvanos - 10-01-2021, 01:01 PM - Forum: SOC-CMM development - Replies (1)

It’s been 5 years since the initial release of the SOC-CMM. In the past 5 years, the SOC-CMM has evolved from a thesis project to a fully featured self-assessment for Security Operations Centers. The SOC-CMM has found its way into SOCs all around the world, helping security teams mature and professionalize their security operations globally.
Today, I’m happy to announce a new beta release of the SOC-CMM. This release features many enhancements that were introduced in the SOC-CMM4CERT. New elements have also been introduced, mainly in the process domain. With these additions, the SOC-CMM now features Mitre ATT&CK, visibility, detection engineering, adversary emulation and automated defence testing. There are still many more improvements and changes that I initially envisioned for this version, but development takes a lot of time and effort.
If you come across any issues, please let me, preferably through a reply to the post. I’m planning to finalise the product based on your feedback for an official release by the end of this year.

Attached Files
.xlsx   soc-cmm 2.2 - advanced.xlsx (Size: 1.46 MB / Downloads: 210)
.xlsx   soc-cmm 2.2 - NIST CSF 1.1 - mapping.xlsx (Size: 52.54 KB / Downloads: 173)
Print this item

  SOC Tools
Posted by: - 09-04-2021, 11:25 AM - Forum: SOC-CMM community forum - Replies (1)


Could we add more tools under technology section such as TIP,EDR,NDR,UBA,DLP,IMS?
They are very important to modern SOC .

Best Regards

Print this item

  How to set maturity and capability targets
Posted by: Anders - 08-24-2021, 10:09 AM - Forum: SOC-CMM community forum - Replies (3)

Hello Rob and all the communication,
Many thanks for your work and your powerful publications in the field of SOC. I have a question about SOC-CMM. How to determine the target? You indicate that it is based on ambitions and that it is optional. Is this based on a feeling, an estimation from the SOC manager? I'm having trouble figuring out how to set it.

Thanks for your help,
Have a good day.

Print this item

  Extract results with question and guidance
Posted by: Keoxes - 02-16-2021, 11:40 AM - Forum: SOC-CMM community forum - Replies (2)


Is there or has anyone worked out an easier way to extract the results on a single sheet in raw text that includes the:  Question ¦ Answer ¦ Guidance 

I see there is an output sheet but it doesnt have the questions and guidance included. 

I would like to conduct my own analysis and in my limited knowledge of excel the cyclic loops of data between the _output and question sheets doesnt help in putting the above together easily. 


Print this item

  Where are the mission statement and scope statement?
Posted by: field - 02-11-2021, 06:54 PM - Forum: SOC-CMM community forum - Replies (1)

Where are the mission statement and scope statement of a soc in this model? They belong to the "Business" part I guess but why I can't find them?
Many thx for the wonderful tool!!

Print this item

  SOC Assessment report deliverable for a customer
Posted by: amilanc - 11-20-2020, 03:27 PM - Forum: SOC-CMM community forum - Replies (1)

I am conducting a SOC assessment for customer and SOC-CMM is a great help in asking right questions. Do you have any report/deliverable templates that I can use to craft a report ?

Print this item

Posted by: Trustconsulting - 11-12-2020, 10:31 AM - Forum: SOC-CMM community forum - Replies (1)

Dear Community, 

Good Day, 

Could any one share usefull ressources templates and considerations during SOC RFP and SOC Building, 



Print this item

  ICS/OT -SOC-CMM Development
Posted by: Trustconsulting - 11-12-2020, 10:27 AM - Forum: SOC-CMM development - No Replies

Dear Community, 

I hope all is well and you are staying Safe and Healthy, 

I want to know if there are intrests to collaborate and develope a SOC-CMM tool adopted to OT/ICS Security operations center

Please let us know your feedback


Print this item

  SOC-CMM v2 - input requested
Posted by: robvanos - 06-24-2020, 02:56 PM - Forum: SOC-CMM development - Replies (6)

I’ve recently written an article called A modern monitoring and response model. I would like to take some of the insights from that article and embed them into the SOC-CMM. More concretely, I’m considering the following changes to the SOC-CMM:

  • Integrating enhancements from the SOC-CMM for CERT.
  • Extending the use case management aspect to include visibility and emphasize validation of security monitoring rules
  • Adding EDR to the technology domain
  • Rewriting ‘analytics’ to ‘network traffic analytics’ and consolidating the IDPS technology. Together with the previous bullet, this means the technology domain is built up from the SOC visibility triad coined by Anton Chuvakin, augmented with SOAR as a major driver for SOC efficiency.
  • Adding purple teaming / red teaming to the services domain
  • Simplifying security incident response, as the SOC-CMM for CERT provides a more detailed assessment.
I’ve become somewhat hesitant to extend the SOC-CMM much further, as it will make assessments even bigger and more time-consuming. Basically, it is big enough as it is. This is why I’m also considering removing the ‘log management’ service from the services domain, and include some of the log management aspects into the security monitoring service.

Please leave your suggestions, comments and thoughts as a reply to this post. I am planning to start the work in August, so you have until then to post your ideas.

Print this item

  What is practical difference between KPIs and Quality indicators?
Posted by: sigitas.rokas - 03-30-2020, 10:21 AM - Forum: SOC-CMM community forum - Replies (3)

Hi all,

Could somebody provide insights on what is the practical difference between KPIs and Quality indicators? 
With some examples and references to methodological background if possible.

For me these terms are similar from practical perspective. For example, TTR (Time To React) is a KPI (which shows how well I am performing) as well as quality indicator for Security Incident Management service (show how well I am delivering service against agreed parameters (a quality means degree of compliance to the applicable requirements)).

Print this item