EVALUATING SECURITY OPERATIONS CENTER (SOC) CAPABILITY THROUGH MATURITY LEVEL ASSESSMENT AND GAP ANALYSIS: A CASE STUDY OF PT. XYZ
Publisher
Swiss German University
Abstract
The increasing intensity and complexity of cyber threats demand a mature and effective Security Operations Center (SOC) to ensure an organization’s resilience. This study aims to evaluate the capability maturity level of the SOC at PT. XYZ, a company operating as a Managed Security Service Provider (MSSP). The research adopts a mixed-methods approach, combining qualitative data gathered through observations and interviews with quantitative assessments using the Security Operations Center Capability Maturity Model (SOC-CMM).
The study follows a structured framework consisting of five stages: literature review, problem identification, capability maturity assessment, gap analysis, and validation. The SOC-CMM tool was used to assess five process domains: SOC Management, Operations & Facilities, Reporting & Communication, Use Case Management, and Detection Engineering & Validation. The results show that the overall maturity level of PT. XYZ’s SOC is at 1.87 out of 5, below the targeted level of 3. The largest gaps were identified in SOC Management and Detection Engineering, indicating a need for improvement in strategy, governance, and detection capabilities.
To strengthen these areas, the gap results were mapped to the COBIT 2019 framework to provide governance-aligned recommendations. The study concludes with strategic recommendations focused on enhancing organizational structure, standardizing processes, developing incident playbooks, and integrating COBIT principles to support long-term SOC development. Validation through experts and internal stakeholders confirmed the accuracy and relevance of the findings. This research contributes to a structured understanding of SOC maturity and offers a practical roadmap for MSSPs seeking capability advancement.