SOC-CMM: Designing and Evaluating a Tool for Measurement of Capability Maturity in Security Operations Centers
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.
2016 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

This thesis addresses the research gap that exists in the area of capability maturity measurement for Security Operations Centers (SOCs). This gap is due to the fact that there is very little formal research done in this area. To address this gap in a scientific manner, a multitude of research methods is used.

Primarily, a design research approach is adopted that combines guiding principles for the design of maturity models with basic design science theory and a step-by-step approach for executing a design science research project. This design research approach is extended with interviewing techniques, a survey and multiple rounds of evaluation.

The result of any design process is an artefact. In this case, the artefact is a self-assessment tool that can be used to establish the capability maturity level of the SOC. This tool was named the SOC-CMM (Security Operations Center Capability Maturity Model). In this tool, maturity is measured across 5 domains: business, people, process, technology and services. Capability is measured across 2 domains: technology and services. The tool provides visual output of results using web diagrams and bar charts. Additionally, an alignment with the National Institute of Standards and Technology Cyber Security Framework (NIST CSF) was also implemented by mapping services and technologies to NIST CSF phases.

The tool was tested in several rounds of evaluation. The first round of evaluation was aimed at determining whether or not the setup of the tool would be viable to resolve the research problem. The second round of evaluation was a so-called laboratory experiment performed with several participants in the research. The goal of this second round was to determine whether or not the created artefact sufficiently addressed the research question. In this experiment it was determined that the artefact was indeed appropriate and mostly accurate, but that some optimisations were required. These optimisations were implemented and subsequently tested in a third evaluation round. The artefact was then finalised.

Lastly, the SOC-CMM self-assessment tool was compared to the initial requirements and research guidelines set in this research. It was found that the SOC-CMM tool meets the quality requirements set in this research and also meets the requirements regarding design research. Thus, it can be stated that a solution was created that accurately addresses the research gap identified in this thesis.

The SOC-CMM tool is available from

Place, publisher, year, edition, pages
2016, 74 p.
Keyword [en]
Security Operations Center, SOC, Capability, Maturity, SOC-CMM
National Category
Computer and Information Science; Social Sciences
URN: urn:nbn:se:ltu:diva-59591
OAI: diva2:1033727
Educational program
Information Security, master's level
Available from: 2016-10-12. Created: 2016-10-09. Last updated: 2016-10-12. Bibliographically approved

Open Access in DiVA

fulltext (5249 kB), 6 downloads
File information
File name: FULLTEXT02.pdf; File size: 5249 kB; Checksum SHA-512
Type: fulltext; Mimetype: application/pdf
