Phenomenati's Taxonomy of a SOC™ for Cyber Security Operations

A Reference Model of operational needs to guide the evolution of your Security Operations efforts. 

Learn More >>

Top 20 Capability Areas for Cyber Security Operations

This is a familiar topic area with Cyber Security practitioners of all experience levels – What are the core capabilities we need to start investing in as we mature and evolve Cyber Security Operations for our organization? Of course, the answer is always – It depends.

Cyber Security is a very broad set of challenges, and the term “Cyber Security Operations” can mean different things to different people. You first need to create some clarity regarding the overall vision your organization has for Cyber Security Operations; including what specific Services and SLAs are expected. From these Services, you can derive the set of core capabilities you’ll need and when, including some prioritization for which should be acquired first.

Other critical business areas such as MRP, SCM, ERP, CRM, etc. have matured over decades to converge on “taxonomies” or “reference models” that capture the superset of capabilities required to perform their specific disciplines. Convergence on such a capability reference model for Cyber Security Operations has yet to materialize. So herein we have compiled a summary of the top 20 capabilities often found in more mature Cyber Security Operations Centers or (C)SOCs, and grouped them by the 7 challenges every cyber security operations effort ultimately needs to address:

  1. Knowledge of one’s own cyber infrastructure
  2. Knowledge of the threats emerging in cyberspace
  3. Management of Access Controls
  4. Monitoring and Detection
  5. Informed Incident Response
  6. Investigation
  7. and Visibility through advanced reporting

The outline below provides the next level of detail to the taxonomy.


The list of capability areas is a broad superset, and is intended to be descriptive rather than prescriptive. It’s offered strictly as a reference model to inform Security Operations roadmaps, or simply to help teams manage expectations with their stakeholder and leadership communities. The following is an outline of the taxonomy:

Knowledge of one’s own cyber infrastructure

Knowledge of the Threats emerging in cyberspace

Management of Access Controls

Monitoring and Detection

Informed Incident Response

Forensic Investigation

Visibility through advanced reporting

Any one of these topic areas on its own, is broad enough to require a more detailed inventory of specific capabilities and requirements. Which may explain why so many mature SOCs employ an average of more than 50 individual tools and technologies.


Conflict – Risk – Knowledge – Decisions


Whether you are just getting started, or are evolving your existing Cyber Security Operations... 

Our team can help you develop a practical way forward for securing your Organization. 

It's Your Move


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.