SOCTOM Whitepaper


Defining and Operationalising a SOC Target Operating Model Using the SOCCMM 


Security operations can be hectic. Running the SOC business includes dealing with continuous and everincreasing event and alert flows, managing incidents, reducing false positives, and analysing and responding to threats. This is all in a day’s work. However, balancing operational activities with continuous improvement and managing SOC expectations and ambitions can be challenging.

In 2020, Gartner released a research paper on creating a SOC target operating model: Create a SOC Target Operating Model to Drive Success. This is an excellent piece of work that outlines the importance of creating a Target Operating Model (TOM) to provide strategic direction for the SOC. This strategic direction is crucial for obtaining longterm goals, supported by the right level of management within the organisation. This whitepaper explains how to use the SOCCMM to define and operationalise your target operating model, introduces the SOCCMM SOCTOM tool, and provides best practices and guidance for defining your SOCTOM.

Download the full text

©2022 SOCCMM

le clusis