Home
I've been working to modernize our Cyber Security Operation Center (SOC) response time service level objectives (SLOs). Like many organizations, we've seen the goal of the "1 : 10 : 60" which aims to have SOCs "detect" an event within 1 minute, "analyze" within 10 minutes, and "contain" within an hour. For a variety of reasons, we set less aggressive targets --- aiming at 15/60/240 minutes for these objectives. Might other organizations be willing to share/discuss their actual SLOs and target objectives for SOC performance?

I've been working to modernize our Cyber Security Operation Center (SOC) response time service level objectives (SLOs). Like many organizations, we've seen the goal of the "1 : 10 : 60" which aims to have SOCs "detect" an event within 1 minute, "analyze" within 10 minutes, and "contain" within an hour. For a variety of reasons, we set less aggressive targets --- aiming at 15/60/240 minutes for these objectives. Might other organizations be willing to share/discuss their actual SLOs and target objectives for SOC performance?

604 views2 Comments

Sort By:

Oldest

IT Manager in IT Servicesa year ago

I have seen the “1:10:60” goal for improving SOC response times to be a popular target for many organizations. However, depending on your particular needs and resources, this target may not always be attainable. We have set less aggressive targets of 15/60/240 minutes for SOC performance, and these have worked for us in the past.

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

Executive Vice President, Chief Digital Officer & Head of Cybersecurity in IT Servicesa year ago

For SOC services, looking at the criticality of operations, it is better to set very aggressive SLOs which are "1:5:30". This will help to contain actions against critical alerts and meet SOC performance objectives.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & Platforms Cloud Data & Analytics+15 more

Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago

Strategy & Architecture

What is your primary deciding factor in adopting enterprise search?

Strategy & Architecture Cloud End-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results

5.7k views3 Upvotes1 Comment

When staffing cybersecurity roles, have you had success with hiring candidates who lack technical experience? If so, what made that strategy effective?

Talent Sourcing & Hiring Security & GRC Security Strategy & Roadmap

CISO in Energy and Utilities9 days ago

Mentorship is crucial, especially when leading a relatively new team. I've intentionally built a team where nearly 80% are under 35. I sought out young, hungry, and energetic individuals who bring fresh perspectives and a ...read more

170 views1 Upvote1 Comment

How do you see the CISOs role in building trust across the business?

Security & GRC Security Strategy & Roadmap Business Relationships

CISO13 days ago

CISOs play a crucial role in organizations, as data and information protection falls under their responsibility. Building trust across the organization is essential for maintaining a strong cybersecurity posture.

Collaboration ...read more

In the age of cloud computing and remote working, is the traditional firewall dead?

Cloud End-User Services & Collaboration Engineering+10 more

The firewall is dead46%

Long live the firewall53%

4.5k views2 Comments