This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Welcome, Guest
You have to register before you can post on our site.



Search Forums

(Advanced Search)

Forum Statistics
» Members: 1,001
» Latest member: william421333
» Forum threads: 34
» Forum posts: 92

Full Statistics

Latest Threads
Doubt with CMMI levels
Forum: SOC-CMM community forum
Last Post: robvanos
11-04-2022, 10:23 AM
» Replies: 1
» Views: 13
Agile in Security Operati...
Forum: SOC-CMM community forum
Last Post: robvanos
08-19-2022, 08:32 AM
» Replies: 4
» Views: 13,327
Training guide
Forum: SOC-CMM community forum
Last Post: robvanos
07-28-2022, 07:49 AM
» Replies: 1
» Views: 29
Supporting the SOC-CMM
Forum: SOC-CMM development
Last Post: robvanos
06-01-2022, 08:22 AM
» Replies: 0
» Views: 282
Question Version 2.2
Forum: SOC-CMM community forum
Last Post: YesseBustos
03-29-2022, 03:38 AM
» Replies: 0
» Views: 569
Reports/Papers to show SO...
Forum: SOC-CMM community forum
Last Post: robvanos
03-09-2022, 01:07 PM
» Replies: 1
» Views: 1,139
SOC-CMM v2.2 (beta releas...
Forum: SOC-CMM development
Last Post: robvanos
02-26-2022, 08:55 AM
» Replies: 4
» Views: 5,328
SOC-CMM: Business Domain ...
Forum: SOC-CMM community forum
Last Post: ViliusBenetis
02-21-2022, 06:16 AM
» Replies: 2
» Views: 1,218
Which extensions should b...
Forum: SOC-CMM development
Last Post: robvanos
02-16-2022, 09:10 AM
» Replies: 3
» Views: 7,284
Benchmarking results for ...
Forum: SOC-CMM community forum
Last Post: mohammedjeelani
01-27-2022, 09:05 AM
» Replies: 0
» Views: 854

Question Doubt with CMMI levels
Posted by: aitor848 - 10-26-2022, 08:19 AM - Forum: SOC-CMM community forum - Replies (1)

Hello people,

I am currently working on a project for a client, and I am using this amazing framework to improve their capabilities. I am encountering a doubt regarding CMMI levels and I don't finish to understand: Why this levels appear only in Services section (1-Security Monitoring, 2-Security Incident Management, 3-Security Analysis & Forensics ...) from scratch and what is the purpose of them? I mean, I know that it is explained in the Introduction section but apart from that, they appear from a blank document before start covering it, and they don't change if I modify some values; it is like they don't change its value unless I manually modify them.

Moreover, why they go from a gradient format? Let me explain myself, for example, In Security Monitoring (point number 1.2.1 (Key performance indicators)) it starts form CMMI level 2 and it finishes in point number 1.2.11 (service roles & responsibilities) in CMM level 3. Does it mean I can modify myself or it is just a reference value?

Could anyone explain me that? I would really appreciate it! Wink

Thank you so much mates,

Print this item

  Training guide
Posted by: - 07-13-2022, 01:15 PM - Forum: SOC-CMM community forum - Replies (1)

Hi rob,
Firstly, well done for your amazing job.
Just wondering if you have any training guide for the SOC-CMM tool Assessors? ( end to end flow how assessors can use the spreadsheet)


Print this item

  Supporting the SOC-CMM
Posted by: robvanos - 06-01-2022, 08:22 AM - Forum: SOC-CMM development - No Replies

If you wish to support the SOC-CMM, there are a number of ways to do so:

1. Obtain a license. There is a license option (license only) that is specifically meant for this purpose. License optiosn can be viewed in the SOC-CMM site license section: SOC-CMM - License & Support

2. Contribute ideas or improvements to the SOC-CMM. For example by sharing your own modifications to the SOC-CMM, contributing ideas for improvement or beta-testing a new release.

3. Share assessment results. Sharing assessment results helps the SOC-CMM to create a benchmark, find common issues between SOCs and aid the creation of a SOC maturity landscape report. The template for sharing results can be found in the downloads section of the SOC-CMM site: SOC-CMM - Downloads

Print this item

  Question Version 2.2
Posted by: YesseBustos - 03-29-2022, 03:38 AM - Forum: SOC-CMM community forum - No Replies

Hi Rob

I hope you're well

I want to know how you include MITER att&ck in the SOC maturity assessment?

Print this item

  Reports/Papers to show SOC Maturity reduces over all security incidents
Posted by: sashank - 02-24-2022, 05:02 AM - Forum: SOC-CMM community forum - Replies (1)

Does anyone know of any research that attempts to answer questions like these: In general, do organizations with mature SOC Practices have better security? and experience lesser incidents ? 

Print this item

  SOC-CMM: Business Domain - Charter
Posted by: cgergen - 02-17-2022, 04:26 PM - Forum: SOC-CMM community forum - Replies (2)

Can anyone help me better understand the expectation of 3.2.7 Accountability under the Business Domain - Charter? The remarks state "Accountability for the SOC for actions taken". What would you expect a Charter to include regarding "Accountability"? A simple statement on who is ultimately accountable for the SOC (e.g. CISO)? A RACI matrix that defines responsibility and accountability for the various services provided by the SOC?

Thanks in advance. First time working through the SOC-CMM and just looking for input from others.

Print this item

  Benchmarking results for Public Sector (Internaltional)
Posted by: mohammedjeelani - 01-27-2022, 09:05 AM - Forum: SOC-CMM community forum - No Replies

Greetings, have any members of this forum used SOC-CMM model to perform assessment on Public/Government entities (internationally) and are willing to share the overall maturity scores [anonymously of course]?

One of our client has used this and is keen to compare itself with other peers in terms of maturity. 

Additionally would be good to know the community's thoughts on best way to increase the maturity levels gradually.


Print this item

  SOC-CMM v2.2 (beta release)
Posted by: robvanos - 10-01-2021, 01:01 PM - Forum: SOC-CMM development - Replies (4)

It’s been 5 years since the initial release of the SOC-CMM. In the past 5 years, the SOC-CMM has evolved from a thesis project to a fully featured self-assessment for Security Operations Centers. The SOC-CMM has found its way into SOCs all around the world, helping security teams mature and professionalize their security operations globally.
Today, I’m happy to announce a new beta release of the SOC-CMM. This release features many enhancements that were introduced in the SOC-CMM4CERT. New elements have also been introduced, mainly in the process domain. With these additions, the SOC-CMM now features Mitre ATT&CK, visibility, detection engineering, adversary emulation and automated defence testing. There are still many more improvements and changes that I initially envisioned for this version, but development takes a lot of time and effort.
If you come across any issues, please let me, preferably through a reply to the post. I’m planning to finalise the product based on your feedback for an official release by the end of this year.

Attached Files
.xlsx   soc-cmm 2.2 - advanced.xlsx (Size: 1.46 MB / Downloads: 653)
.xlsx   soc-cmm 2.2 - NIST CSF 1.1 - mapping.xlsx (Size: 52.54 KB / Downloads: 547)
Print this item

  SOC Tools
Posted by: - 09-04-2021, 11:25 AM - Forum: SOC-CMM community forum - Replies (1)


Could we add more tools under technology section such as TIP,EDR,NDR,UBA,DLP,IMS?
They are very important to modern SOC .

Best Regards

Print this item

  How to set maturity and capability targets
Posted by: Anders - 08-24-2021, 10:09 AM - Forum: SOC-CMM community forum - Replies (3)

Hello Rob and all the communication,
Many thanks for your work and your powerful publications in the field of SOC. I have a question about SOC-CMM. How to determine the target? You indicate that it is based on ambitions and that it is optional. Is this based on a feeling, an estimation from the SOC manager? I'm having trouble figuring out how to set it.

Thanks for your help,
Have a good day.

Print this item