In this phase, we start to see the consolidation of reporting for teams, as well as changes in reporting to the customer and the SOC. At this point, information is starting to be processed in Security State Analysis, where information is being analyzed in both directions to provide the most value to the stakeholders. However, we can still see that there are still multiple reports going to the customer that may or may not cause confusion as to what risk to mitigate first.

These are the main highlights from the phase:

• Data overload may or may not exist for the customer as reporting is becoming more customized.
• The SOC begins to analyze reports from the services and provides guidance and direction to the teams.
• The one-lane road is starting to become two lanes that are going to and from the customer: from Operational Level to Tactical Level.
• There is an improvement in the interaction between information security teams, but they do not fully interface with each other.
• With the improvement in communication, the customers have more of an idea of what needs to be fixed and when. Building relationships and improving governance will contribute to the accountability for findings being addressed.