Let's get started!
Please tell us some information about you and your area of business.
Name (required): First Name, Last Name
Company Name (required)
Job Title (required)
Company Email (required)
Phone Number (required): Area Code, Phone Number
Industry & regulatory scope — Select all that apply.
Financial services / banking / insurance
Healthcare / life sciences / PHI
U.S. Federal contractor / DIB (CUI)
Government (state/local) or Education
Retail / eCommerce / payments (card data)
Energy / utilities / critical infrastructure
Technology / SaaS / data processor
Manufacturing / industrial / OT
Public SEC registrant (issuer/FPI)
Other
Operating model & coverage — Which best describes your SOC coverage and escalation model?
24×7 SOC with documented runbooks, SLAs, and tiered escalation.
Business-hours monitoring; informal after-hours on-call.
Fully outsourced MSSP; no internal runbooks or service reviews.
No formal SOC; incidents handled ad hoc by IT.
Telemetry & log management — How comprehensive is your logging (sources, normalisation) and retention?
Central SIEM for endpoint/identity/network/cloud/SaaS with ≥12 months retention.
SIEM with endpoints and firewalls; about 90 days retention.
Logs reside in product consoles; no central collection.
Only security device logs are retained.
Detection engineering — How are detection rules/use cases developed, versioned, tested, and maintained?
Version-controlled, MITRE ATT&CK-mapped, tested/tuned on a cadence.
Mostly vendor defaults; ad-hoc edits when noisy.
One-time rules at onboarding; rarely revisited.
Rely solely on out-of-the-box alerts; no formal rule process.
Incident response readiness — What best describes your incident response plan, roles, and exercise cadence?
Documented IR with RACI; legal/HR/PR engaged; regular tabletops and technical exercises.
Plan exists but not exercised; roles unclear.
Plan draft; incidents handled case-by-case.
No documented plan or exercises.
Threat intelligence usage — How is threat intelligence sourced, curated, integrated, and actioned?
Curated sources integrated for enrichment/blocking; feedback into detections.
Subscribed to feeds; manual review when time allows.
Rely on vendor blog posts/releases.
No threat intelligence in use.
Vulnerability management integration — How are vulnerabilities prioritized, tracked, and driven to remediation?
Risk-based (criticality + exploitability) with SLAs/exceptions; SOC correlates detections.
CVSS only; monthly patch cycles.
Quarterly scans; remediate highs when convenient.
No vulnerability scanning in place.
SecOps metrics & continuous improvement — How do you measure SecOps performance and drive a prioritised improvement backlog?
Track MTTD/MTTR, false-positive rate, and ATT&CK coverage; QBRs with a backlog.
Track total alerts and closed tickets; occasional reviews.
Rely on SLA compliance only.
No formal metrics.