In this diagram, we begin to see somewhat of a resemblance of the centralization of reports to an SOC. The SOC may not be very mature at this point, but it is also just gathering the information that it receives from the teams.

These are the main highlights from the phase:

• This is another variation of data overload where the customer and the SOC have multiple reports delivered
• It is still a (longer) one-way street or a radio that broadcasts to anyone who is listening
• There is still a lack of interaction between information security teams
• There is no accountability for fixes