The SOC-CMM model was initially created as a scientific research project to determine characteristics and features of SOCs, such as specific technologies or processes. From that research project, the SOC-CMM has evolved to become the de facto standard for measuring capability maturity in Security Operations Centers. At the core of the assessment tool lies the SOC-CMM model. This model consists of 5 domains and 26 aspects, each of which is evaluated using a number of questions. The domains 'Business', 'People' and 'Process' are evaluated for maturity only (blue colour); the domains 'Technology' and 'Services' are evaluated for both maturity and capability (purple colour).
The SOC-CMM uses maturity stages based loosely on the CMMI:
- Non-existent. At this level, the aspect is not present in the SOC
- Initial. The aspect is delivered in an ad-hoc fashion
- Defined. The aspect is documented and delivered consistently
- Managed. The aspect is managed using ad-hoc feedback on the quality and timeliness of deliverables
- Quantitatively Managed. The aspect is systematically being measured for quality, quantity and timeliness of deliverables
- Optimizing. The aspect is continuously being optimized and improved
SOC-CMM is a continuous maturity model, allowing improvements across all domains simultaneously and independently.
The SOC-CMM uses a continuous approach to measuring technical capability across the technology and services domains.
These capabilities can be technical features, such as the existence of certain tooling options, or other features such as service artefacts.
Just like with maturity scoring, capability scoring is continuous.
Similar to the CMMI, the SOC-CMM supports 4 capability levels:
- Incomplete. The capability is missing or lacking essential features
- Performed. The capability is performed, but not standardised
- Defined. The capability is delivered in a standardised fashion
- Managed. The capability is actively managed and improved
Capabilities can be expressed at any maturity level.
The methodology used to create the SOC-CMM is a scientific research approach called Design Science Research. This type of research focuses on bridging the gap between theory and practice and works well for areas that have not been extensively (scientifically) studied and clearly defined, as is the case for SOC capability and maturity. The goal of Design Research is the creation of a tangible result of the research effort. In this case, two artefacts were created: the SOC-CMM model, which is an abstract representation of SOCs, and the self-assessment tool based on that model to evaluate capability maturity in a SOC.