You can read the docs here: ReadTheDocs
When security professionals take on the role of SOC Leader/Manager, they don't all arrive by the same linear path. Some will:
- Inherit the SOC through their existing management leaving the organisation or changing role
- Build a brand new SOC, either as part of efforts to bring SecOps in-house or to build an entirely new capability
As a result, there are challenges when it comes to outlining the roadmap, action plan and resources required. These span key areas such as operations, service, technology and more.
There are various tools out there for assessing SOC capability; however, there is a disconnect between guidance and action/roadmap.
I am developing an open-source application that allows you, the SOC leader, to perform a self-assessment utilising the great tools that are already available, such as:
- SOC-CMM
- SIM3
- MITRE Inform ...

But I will add capabilities that generate a tailored action plan, roadmap and suggested resources required. The app will capture your existing resources, where you're currently at and what your objectives are. This allows you to really action what's missing!
Long live the SOC
