SOCTOM Whitepaper
Defining and Operationalising a SOC Target Operating Model Using the SOC–CMM
Introduction
Security operations can be hectic. Running the SOC business includes dealing with continuous and ever-increasing event and alert flows, managing incidents, reducing false positives, and analysing and responding to threats. This is all in a day’s work. However, balancing operational activities with continuous improvement and managing SOC expectations and ambitions can be challenging.
In 2020, Gartner released a research paper on creating a SOC target operating model: "Create a SOC Target Operating Model to Drive Success". This is an excellent piece of work that outlines the importance of creating a Target Operating Model (TOM) to provide strategic direction for the SOC. This strategic direction is crucial for achieving long-term goals, supported by the right level of management within the organisation. This whitepaper explains how to use the SOC–CMM to define and operationalise your target operating model, introduces the SOC–CMM SOCTOM tool, and provides best practices and guidance for defining your SOCTOM.
©2022 SOC–CMM