This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Welcome, Guest
You have to register before you can post on our site.

Username/Email:
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 857
» Latest member: robindoor
» Forum threads: 33
» Forum posts: 90

Full Statistics

Latest Threads
Agile in Security Operati...
Forum: SOC-CMM community forum
Last Post: robvanos
08-19-2022, 08:32 AM
» Replies: 4
» Views: 13,311
Training guide
Forum: SOC-CMM community forum
Last Post: robvanos
07-28-2022, 07:49 AM
» Replies: 1
» Views: 20
Supporting the SOC-CMM
Forum: SOC-CMM development
Last Post: robvanos
06-01-2022, 08:22 AM
» Replies: 0
» Views: 280
Question Version 2.2
Forum: SOC-CMM community forum
Last Post: YesseBustos
03-29-2022, 03:38 AM
» Replies: 0
» Views: 564
Reports/Papers to show SO...
Forum: SOC-CMM community forum
Last Post: robvanos
03-09-2022, 01:07 PM
» Replies: 1
» Views: 1,131
SOC-CMM v2.2 (beta releas...
Forum: SOC-CMM development
Last Post: robvanos
02-26-2022, 08:55 AM
» Replies: 4
» Views: 5,323
SOC-CMM: Business Domain ...
Forum: SOC-CMM community forum
Last Post: ViliusBenetis
02-21-2022, 06:16 AM
» Replies: 2
» Views: 1,212
Which extensions should b...
Forum: SOC-CMM development
Last Post: robvanos
02-16-2022, 09:10 AM
» Replies: 3
» Views: 7,283
Benchmarking results for ...
Forum: SOC-CMM community forum
Last Post: mohammedjeelani
01-27-2022, 09:05 AM
» Replies: 0
» Views: 851
How to set maturity and c...
Forum: SOC-CMM community forum
Last Post: robvanos
09-16-2021, 01:41 PM
» Replies: 3
» Views: 3,110

 
  Training guide
Posted by: Nicholas.edomaruse@kyndryl.com - 07-13-2022, 01:15 PM - Forum: SOC-CMM community forum - Replies (1)

Hi rob,
Firstly, well done for your amazing job.
Just wondering if you have any training guide for the SOC-CMM tool Assessors? ( end to end flow how assessors can use the spreadsheet)

Thanks

Print this item

  Supporting the SOC-CMM
Posted by: robvanos - 06-01-2022, 08:22 AM - Forum: SOC-CMM development - No Replies

If you wish to support the SOC-CMM, there are a number of ways to do so:

1. Obtain a license. There is a license option (license only) that is specifically meant for this purpose. License optiosn can be viewed in the SOC-CMM site license section: SOC-CMM - License & Support

2. Contribute ideas or improvements to the SOC-CMM. For example by sharing your own modifications to the SOC-CMM, contributing ideas for improvement or beta-testing a new release.

3. Share assessment results. Sharing assessment results helps the SOC-CMM to create a benchmark, find common issues between SOCs and aid the creation of a SOC maturity landscape report. The template for sharing results can be found in the downloads section of the SOC-CMM site: SOC-CMM - Downloads

Print this item

  Question Version 2.2
Posted by: YesseBustos - 03-29-2022, 03:38 AM - Forum: SOC-CMM community forum - No Replies

Hi Rob

I hope you're well

I want to know how you include MITER att&ck in the SOC maturity assessment?

Print this item

  Reports/Papers to show SOC Maturity reduces over all security incidents
Posted by: sashank - 02-24-2022, 05:02 AM - Forum: SOC-CMM community forum - Replies (1)

Does anyone know of any research that attempts to answer questions like these: In general, do organizations with mature SOC Practices have better security? and experience lesser incidents ? 

Print this item

  SOC-CMM: Business Domain - Charter
Posted by: cgergen - 02-17-2022, 04:26 PM - Forum: SOC-CMM community forum - Replies (2)

Can anyone help me better understand the expectation of 3.2.7 Accountability under the Business Domain - Charter? The remarks state "Accountability for the SOC for actions taken". What would you expect a Charter to include regarding "Accountability"? A simple statement on who is ultimately accountable for the SOC (e.g. CISO)? A RACI matrix that defines responsibility and accountability for the various services provided by the SOC?

Thanks in advance. First time working through the SOC-CMM and just looking for input from others.

Print this item

  Benchmarking results for Public Sector (Internaltional)
Posted by: mohammedjeelani - 01-27-2022, 09:05 AM - Forum: SOC-CMM community forum - No Replies

Greetings, have any members of this forum used SOC-CMM model to perform assessment on Public/Government entities (internationally) and are willing to share the overall maturity scores [anonymously of course]?

One of our client has used this and is keen to compare itself with other peers in terms of maturity. 

Additionally would be good to know the community's thoughts on best way to increase the maturity levels gradually.

Cheers.

Print this item

  SOC-CMM v2.2 (beta release)
Posted by: robvanos - 10-01-2021, 01:01 PM - Forum: SOC-CMM development - Replies (4)

It’s been 5 years since the initial release of the SOC-CMM. In the past 5 years, the SOC-CMM has evolved from a thesis project to a fully featured self-assessment for Security Operations Centers. The SOC-CMM has found its way into SOCs all around the world, helping security teams mature and professionalize their security operations globally.
 
Today, I’m happy to announce a new beta release of the SOC-CMM. This release features many enhancements that were introduced in the SOC-CMM4CERT. New elements have also been introduced, mainly in the process domain. With these additions, the SOC-CMM now features Mitre ATT&CK, visibility, detection engineering, adversary emulation and automated defence testing. There are still many more improvements and changes that I initially envisioned for this version, but development takes a lot of time and effort.
 
If you come across any issues, please let me, preferably through a reply to the post. I’m planning to finalise the product based on your feedback for an official release by the end of this year.



Attached Files
.xlsx   soc-cmm 2.2 - advanced.xlsx (Size: 1.46 MB / Downloads: 552)
.xlsx   soc-cmm 2.2 - NIST CSF 1.1 - mapping.xlsx (Size: 52.54 KB / Downloads: 440)
Print this item

  SOC Tools
Posted by: mkhalil.eng@gmail.com - 09-04-2021, 11:25 AM - Forum: SOC-CMM community forum - Replies (1)

Dears,

Could we add more tools under technology section such as TIP,EDR,NDR,UBA,DLP,IMS?
They are very important to modern SOC .

Best Regards

Print this item

  How to set maturity and capability targets
Posted by: Anders - 08-24-2021, 10:09 AM - Forum: SOC-CMM community forum - Replies (3)

Hello Rob and all the communication,
Many thanks for your work and your powerful publications in the field of SOC. I have a question about SOC-CMM. How to determine the target? You indicate that it is based on ambitions and that it is optional. Is this based on a feeling, an estimation from the SOC manager? I'm having trouble figuring out how to set it.

Thanks for your help,
Have a good day.

Print this item

  Extract results with question and guidance
Posted by: Keoxes - 02-16-2021, 11:40 AM - Forum: SOC-CMM community forum - Replies (2)

Hi 

Is there or has anyone worked out an easier way to extract the results on a single sheet in raw text that includes the:  Question ¦ Answer ¦ Guidance 

I see there is an output sheet but it doesnt have the questions and guidance included. 

I would like to conduct my own analysis and in my limited knowledge of excel the cyclic loops of data between the _output and question sheets doesnt help in putting the above together easily. 

Ta

Print this item