Date of Award


Degree Type

Restricted to Claremont Colleges Dissertation

Degree Name

Information Systems and Technology, PhD


Center for Information Systems and Technology

Advisor/Supervisor/Committee Chair

Tamir Bechor

Dissertation or Thesis Committee Member

Chinazunwa Uwaoma

Dissertation or Thesis Committee Member

June K. Hilton

Dissertation or Thesis Committee Member

Miloslava Plachkinova

Terms of Use & License Information

Creative Commons Attribution 4.0 License
This work is licensed under a Creative Commons Attribution 4.0 License.

Rights Information

© 2020 Norah Alharbi


Cyberattacks, Cybersecurity, maturity model, security operations center, security operations center maturity model

Subject Categories

Information Security | Science and Technology Studies


Cyberattacks and threats from hardware and software system components are rapidly emerging as one of the biggest challenges that today’s businesses, government agencies, and individuals face. As a result, organizations are continuously trying to adapt and update their information assets. One of the most popular preventive methods against these malicious attacks is establishing of a security operations center (SOC). SOCs are responsible for protecting mission-critical information, as well as detecting and responding to attacks; they are also tasked with planning and creating contingency procedures to meet not only known challenges but also emerging and as yet undiscovered ones. However, organizations are faced with a real challenge: The absence of a holistic framework and guidance on how to establish an SOC, which makes setting up an SOC a complex task. Each organization is trying to reinvent the wheel, which has led to a diversity of implementation forms. Consequently, without a consistent method or process to follow, there is no way to ensure that the essential attributes for establishing an SOC are met. There are also no clear mechanisms for determining the maturity level and capabilities of these SOCs. To address these gaps, this research attempted to: formulate an up-to-date definition of SOC and identify SOC’s essential attributes, develop an SOC maturity model (SOC-MM) based upon the context of newly emerging cyber threats, design an SOC-MM tool that can identify current level of maturity in organization and provides recommendations on how to reach the next maturity level, and finally implement and evaluate the SOC-MM and SOC-MM tool through a case study approach to prove its effectiveness for organizations. Primarily, a design since research approach was adopted, which is a proactive research methodology. This approach is appropriate for research areas that are not clearly defined, as in the case of SOCs. Following the DSR process, the research steps for this study were as follow: the problem was defined through literature review, the research objectives were then listed, then interview and survey questions were created based on information gathered from the literature review. Interviews and surveys were then conducted with SOC experts and CSOs to formulate SOC's definition, the attributes, and the SOC-MM. From the designed SOC-MM, the tool was created, then was sent to an organization to be evaluated along with the SOC-MM. There is a lot of possible beneficiary of the proposed model and tool, such as in organization as a self-assessment tool, where they can use the tool to measure their level of maturity and work on the recommendations provided for them to enhance their SOC. Another method of implication is in consultancy companies as a part of their services that they provide for their customers; the model proposed provides new insights that can help determine maturity through different landscapes than these models. Furthermore, it can be used in the organization's audit department, where they can use the model as a part of the performance evaluation and provide the SOC with the proposed recommendation to ensure continued improvement of the SOC. Keywords: Cyberattacks, security operations center (SOC), maturity model (MM), newly emerging cyber threats, security operations center maturity model (SOC-MM).