When I think about the capabilities that an SOC should have, I have to relate to a spider. Each part of the spider has a unique purpose. The legs of the spider have small hairs that allow it to know when danger is present or when prey arrives.

In relation to information security:

• Do all of the capabilities work together to know when danger is present?
• Do all the capabilities work together to defend the organization?

The operations and reporting from each leg must report their status to the body (Security State Analysis), but at the same time, the capabilities must be in tune with each other through open communication (Data Exposure and Sharing).