SOC Maturity level October 14, 2018 (May 4, 2020) AmiBiro Welcome to your SOC Maturity Email Do you have a satisfactory physical SOC location?NOYES- but is very smallYESDo you perform regular teambuilding exercises?YES - every yearYES - every monthNODo you have a formally described shift turnover procedure?NOYES - fully implementedYES - partlyDo you have regular workshops for knowledge development?YES - once in a yearYES - 3 times in a yearNODo you measure employee satisfaction for improving the SOC?YESWorking on atNODo you have a training program in place?YES - for TIER1NOYES - for all roles in the SOCDo you use documented workflows?NOYESIs there a governance process in place?NOYES-Fully implementedYes - not implemented yetYESHave you identified the SOC customers?YES but not fullyYESON-GOINGNOHave you identified the main business drivers?PARTIALFULLNOYESDo you have a career progression process in place?YESNOIs there a reserved budget for education and training?YESNODo you use external employees /contractors in your SOC?External employeesContractorsInternal full time employeesDo you have service level agreements with these customers?On-GoingYESNOYES but not published yetIs the SOC charter document approved by the business / CISO?YESNOOn-GoingOtherIs skill assessment regularly updated with new skills?NOYESWhich assessment?Which of the following roles are present in your SOC? Threat Analyst Incident Handler Penetration Tester Security Specialist Security Analyst Incident Manager Security Architect SOC Manager Team Leader Security EngineerIs there a SOC management process in place?NOYES - fully implementedYES - but not fullyDo you formally differentiate roles within the SOC?YESNODoes the SOC have a formal charter document in place?On-GoingYESNONOT FullyTime is Up!
