SOC Quarterly Business Review (QBR)
Purpose: Executive-level review of SOC performance, maturity progression, and strategic alignment. Present to C-Suite and Board stakeholders quarterly.
Quarter: [Q1/Q2/Q3/Q4 YYYY]
Prepared By: [SOC Manager]
Date: YYYY-MM-DD
Distribution: ☐ CISO · ☐ CTO · ☐ CEO · ☐ Board
1. Strategic Summary
2–3 paragraph overview of SOC posture, key wins, and challenges this quarter.
2. KPI Dashboard
2.1 Operational Metrics
| Metric | Target | Q-1 Actual | This Q Actual | Trend | Status |
|---|---|---|---|---|---|
| MTTD (Mean Time to Detect) | < 30 min | | | 🔺/🔻 | 🟢🟡🔴 |
| MTTA (Mean Time to Acknowledge) | < 10 min | | | | |
| MTTR (Mean Time to Respond) | < 60 min | | | | |
| False Positive Rate | < 10% | | | | |
| Escalation Accuracy | ≥ 85% | | | | |
| SLA Adherence | ≥ 95% | | | | |
| Dwell Time | < 24 hrs | | | | |
2.2 Volume Statistics
| Metric | Q-1 | This Q | Change |
|---|---|---|---|
| Total Alerts Processed | | | |
| True Positive Incidents | | | |
| Critical/High Incidents | | | |
| Incidents Requiring Escalation | | | |
| Playbooks Executed | | | |
| Mean Alerts per Analyst per Day | | | |
3. Incident Highlights
Top 5 Incidents This Quarter
| # | Incident ID | Severity | Category | Impact | Resolution Time | Lessons |
|---|---|---|---|---|---|---|
| 1 | | | | | | |
| 2 | | | | | | |
| 3 | | | | | | |
| 4 | | | | | | |
| 5 | | | | | | |
Incident Trends
| Category | Q-1 Count | This Q Count | Trend |
|---|---|---|---|
| Phishing | | | |
| Malware | | | |
| Account Compromise | | | |
| Data Exfiltration | | | |
| Other | | | |
4. Maturity Growth (SOC-CMM)
| Domain | Q-1 Score | This Q Score | Change | Target (EOY) |
|---|---|---|---|---|
| Business | /5 | /5 | 🔺/🔻 | /5 |
| People | /5 | /5 | | /5 |
| Process | /5 | /5 | | /5 |
| Technology | /5 | /5 | | /5 |
| Services | /5 | /5 | | /5 |
| Overall | /5 | /5 | | /5 |
5. Detection Coverage
MITRE ATT&CK Coverage
| Tactic | Rules | Coverage % | Gap Priority |
|---|---|---|---|
| Initial Access | | | |
| Execution | | | |
| Persistence | | | |
| Privilege Escalation | | | |
| Defense Evasion | | | |
| Credential Access | | | |
| Discovery | | | |
| Lateral Movement | | | |
| Collection | | | |
| Command & Control | | | |
| Exfiltration | | | |
| Impact | | | |
New Rules Deployed This Quarter: ____
Rules Tuned/Optimized: ____
Rules Retired: ____
6. Budget & Resource Status
| Category | Annual Budget | YTD Spent | Remaining | Utilization |
|---|---|---|---|---|
| Technology (licensing, tools) | | | | % |
| Personnel (salaries, training) | | | | % |
| Services (MSSP, consulting) | | | | % |
| Training & Certs | | | | % |
| Total | | | | % |
Staffing
| Role | Authorized | Filled | Open | Time to Fill |
|---|---|---|---|---|
| Tier 1 Analyst | | | | |
| Tier 2 Analyst | | | | |
| Tier 3 / Hunt | | | | |
| SOC Lead | | | | |
| Detection Engineer | | | | |
7. Risks & Challenges
| # | Risk | Impact | Likelihood | Mitigation | Owner |
|---|---|---|---|---|---|
| 1 | | High/Med/Low | High/Med/Low | | |
| 2 | | | | | |
| 3 | | | | | |
8. Achievements This Quarter
9. Next Quarter Roadmap
| Priority | Goal | Owner | Success Criteria | Dependencies |
|---|---|---|---|---|
| P1 | | | | |
| P2 | | | | |
| P3 | | | | |
10. Requests for Leadership
| # | Request | Business Case | Budget Impact | Decision Needed By |
|---|---|---|---|---|
| 1 | | | | |
| 2 | | | | |