LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is the trade-off between a central (dedicated) SOC and a decentralised "SOC-less" SOC model?

A central, dedicated SOC concentrates expertise and consistency but costs more and can be remote from local context; a decentralised model spreads responsibility but risks fragmented coverage and visibility.

A central, dedicated SOC gives you one team with deep, specialised skills, consistent processes and a single pane of glass — at the price of higher cost and potential distance from individual business units. A decentralised ("SOC-less") SOC distributes monitoring and response across teams or units, which can fit local context and scale flexibly, but makes it harder to maintain uniform visibility, consistent processes and concentrated expertise. The right choice depends on factors like organisation size, geography, risk appetite, budget and available talent.

From Quiz: ISM / Security Incident Management | Updated: Jun 20, 2026