Giving a SOC Direction with a Target Operating Model


by John Collins  |  February 4, 2020

My first research note at Gartner focused on the SOC target operating model, or SOCTOM. Create an SOC Target Operating Model to Drive Success provides high-level guidance to security and risk management (SRM) leaders. It drives home the importance of understanding the current operating model (COM) and defining where they want to be with a target operating model (TOM).

Our conversations with organizations about SOC efficiency, whether it’s a new SOC or an established one, often uncover the same issues, which span verticals and geography. The main issues are failures to communicate and a lack of understanding of relevant threats.

Some core guidance from the note:

“Communicating and aligning with business leaders, organizational peers, compliance requirements and partners will enable SRM leaders to reduce friction and increase operational effectiveness earlier in the SOC development cycle.”

“Understanding business needs is not the end of this collaboration with C-suite leadership. The leadership team must interpret the ongoing value the SOC is providing to the business. The CISO role is often the designated liaison between the security program and the executive leadership team, but who communicates is irrelevant. The data communicated is critical, and how it is communicated is even more vital to SOC reputation and validation. This is not just an SOC issue, but an overall security program problem that Gartner has addressed in numerous research undertakings to assist SRM leaders.”

“SRM leaders should leverage a formal framework to identify threats, such as ISO 27005:2018, CBEST Threat Modelling or Mitre Threat Susceptibility Analysis. Regardless of the threat-modeling framework or method used, the goal is to answer the question, “What threats is the organization up against?” Measuring threats to understand their nature has a direct impact on the invest components (e.g., people, processes and tools).”

I created a quick reference graphic, accompanied in the research note by a detailed description of each cell in the matrix, to assist SRM leaders with starting a SOCTOM. The Align, Invest and Measure components and their subcomponents all have a direct impact on each other. For example, if you don’t understand YOUR relevant threat landscape, you are likely to miss on the right investments and alignment with the business.

Several components of a SOCTOM are covered by various Gartner research, and the purpose of my note was not to provide detailed guidance on each part, but rather to get SRM leaders thinking about current and future state and to leverage the collective research we have.


John Collins
Sr Director Analyst I
1 year at Gartner
15 years IT Industry

John Henry Collins is a Sr Director Analyst. His work focuses on MSSP, MDR, SOC Operations and Threat Intelligence. Mr. Collins created and ran client beta testing for first security SaaS application at employer. He also built and led first-ever specialist security SaaS SE team at MSSP company. Mr. Collins overhauled security operation center for DHS component organization. He has also worked as incident response and on-premises security consultant, intrusion detection analyst, blue team vulnerability tester, signals intelligence collector and advanced signals analyst.

Sourced from: Gartner Blog.
