SOC Certification Body
#1
Hi Rob, 
Do you know of any SOC Certification Body?
For example, Head of Cybersecurity wants to prove that its SOC is an advanced SOC with all the top-notch technologies, processes, and people.
Is there any well-known third party that can certify this?

Thanks!
Best regards,
Darren
#2
Hi Darren,

I'm not aware of any such certification. There are consulting companies that have proprietary maturity models that they use for assessment. This sort of maturity assessment could be used as 'proof' of an advanced SOC. Of course, the SOC-CMM could be used for the same purpose. Objectivity can be introduced by having the assessment conducted by a third party. In the Netherlands, there is already a company doing SOC-CMM assessments. There may be others that I am not aware of. The advantage of using the 'open' SOC-CMM for assessments is that you can avoid 'vendor lock-in' due to proprietary confidential models.

Regards,
Rob.
#3
(05-16-2019, 06:43 AM)darren.bnm Wrote: Hi Rob, 
Do you know of any SOC Certification Body?
For example, Head of Cybersecurity wants to prove that its SOC is an advanced SOC with all the top-notch technologies, processes, and people.
Is there any well-known third party that can certify this?

Thanks!
Best regards,
Darren

Dear Darren,

Our team runs SOC-CMM assessments and issues confirmation of the assessed level via a paper (certificate) signed by us. We do so for different projects around the world, both for new ones where we build out CSIRT/SOCs and for established SOCs. Usually our work serves a slightly different purpose than the one you mentioned: I would say, to validate the effectiveness of resources spent, or to plan/justify future balanced developments.

Please contact me (vb_AT_nrd.no), if you want to hear more on how we approach such audits and confirmations.

Vilius Benetis
NRD Cyber Security