In this module, you will examine the core responsibilities of a Security Operations Center (SOC) and how it works with other teams across the organization. You will place the SOC within the incident response lifecycle, from detection through recovery. You will also outline the key services a SOC provides across each incident response phase.

In this module, you will distinguish common SOC types (for example, internal, outsourced, and hybrid) and the staffing considerations that shape each, such as roles, coverage models, and escalation paths. You will also compare SOC deployment models (on‑premises, cloud, and managed services) and connect each to typical consumer profiles based on needs like cost, control, scalability, and response expectations.

In this module, you will examine the core roles on an effective SOC team and how each role supports incident response. You will outline the key skills expected for common SOC positions and the primary tools each role relies on. You will also identify how SOC team members coordinate with one another and communicate with external groups during an incident.

In this module, you will identify the types of data a Security Operations Center (SOC) relies on and how security event data fits into SOC monitoring and analysis. You will distinguish SOC-relevant data sources and the kinds of events they produce. You will also review common SOC tools and the key features that support collecting, correlating, and analyzing security data.

In this module, you will identify the external intelligence resources, regulatory bodies, and government and industry organizations a SOC communicates with. You will outline how these relationships support security operations and coordination across stakeholders. You will also describe the key policies, procedures, and governance rules that guide SOC engagement with users, HR, and legal when violations are detected.

In this module, you will focus on how SOC metrics are used to measure and communicate SOC effectiveness. You will examine core ideas behind security data aggregation and how it supports consistent reporting. You will explore Time to Detection (TTD) in a network security context and what it indicates about detection performance. You will consider how to describe the detection effectiveness of security controls using SOC-focused metrics.

In this module, you will describe core SOC workflow management system (WMS) concepts and their role in security operations. You will outline how a typical workflow management system is integrated within a SOC. You will describe what SOC WMS integration involves across tools and processes. You will provide an example of how SOC workflow automation is applied in practice.