SOC Metrics Cheat Sheet

Security Operations Center (SOC) metrics are essential for justifying resource allocation, validating processes, and identifying areas for improvement. This cheat sheet outlines a strategy for creating metrics tied to your organization’s mission and security goals, rather than taking a bottom-up approach that may not resonate with stakeholders outside of the SOC. Aligning to standard frameworks like the SOC Capability Maturity Model, or SOC-CMM, ensures a comprehensive measurement approach across SOC domains and aspects.

This cheat sheet supports content taught in LDR551: Building and Leading Security Operations Centers.

Created by SANS Certified Instructor and Author, Mark Orlando.

May 1, 2025

Login to download

SOC Metrics Poster

Related Content

LDR - Blog - It’s Dangerous to Go Alone- A Consensus-Driven Approach to SOC Metrics_340 x 340.jpg

Cybersecurity Leadership

It’s Dangerous to Go Alone: A Consensus-Driven Approach to SOC Metrics

Metrics play a crucial role in understanding the performance of Security Operations Center (SOC) functions.

Cybersecurity Leadership

Visual Summary of SANS Cybersecurity Leadership Summit 2025

Check out these graphic recordings created in real-time throughout the event for SANS Cybersecurity Leadership Summit 2025

LDR - Blog - Building and Leading Security Operations_340 x 340.jpg

Cybersecurity Leadership

Building and Leading Security Operations: The Infinite Quest

Security operations are not a finite project but an ongoing process to be sustained for as long as possible.