Planning the building a SOC - A Conceptual Process Model


  • Pierre Jacobs CybeAntix
  • Sebastiaan von Solms



There are few frameworks available to consult when building Security Operation Centers (SOCs). (P. Jacobs, 2015). Jacobs proposed such a framework, and this paper builds on the “Planning” part of that framework. The authors could not find any existing conceptual process models where it comes to the planning phase when building SOCs. We propose a conceptual process model to follow during the planning phase of the SOC. Conceptual models are used to represent systems typically made up of the composition of concepts (Robinson; Arbez; Birta; Tolk; Wagner, 2015). The aim of our conceptual process model is to help SOC builders understand the proposed process to be followed during the SOC planning phase and is meant to guide the SOC builder's thinking during the planning phase.


The conceptual process model will start by determining the services that the SOC in development will be offering, followed by deciding on a SOC model. After the determination of the SOC services and model we will identify the technologies and tools to facilitate the services, keeping in consideration the influence the SOC model has on the service. For each of the steps in our conceptual model we have identified existing, public frameworks, standards or best practices. Our conceptual process model will be mapped to these frameworks, standards or best practices with the intention to be used to augment our model.