Nexus SecOps Self-Assessment Workbook

Use this workbook to conduct a structured assessment of your organization's security operations maturity against the Nexus SecOps benchmark. Complete all domains to generate an overall maturity score.

How to score:

- 0 = Not Implemented: Control does not exist
- 1 = Initial: Informal, undocumented, ad-hoc
- 2 = Developing: Basic documentation; inconsistent application
- 3 = Defined: Documented process; consistently applied; measurable
- 4 = Managed: Metrics-driven; proactively managed; KPIs tracked
- 5 = Optimizing: Continuously improved; benchmarked against peers

Download formats: CSV | JSON


Pre-Assessment Information

Complete this section before scoring.

| Field | Response |
|---|---|
| Organization Name | |
| Assessment Date | |
| Assessment Lead | |
| Assessment Team Members | |
| Nexus SecOps Version | 1.0 |
| Assessment Type | ☐ Self-assessment ☐ Internal audit ☐ Third-party assessment |
| Organization Size | ☐ Small (<500 staff) ☐ Medium (500–5,000) ☐ Large (>5,000) |
| Industry Sector | |
| Primary Cloud Environments | |
| SOC Coverage Model | ☐ 8×5 ☐ 16×5 ☐ 24×7 ☐ Hybrid MSSP |
| Previous Assessment Date | |
| Previous Overall Score | |

Domain 1: TEL — Telemetry and Log Ingestion (Nexus SecOps-001–015)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-001 | Log Source Inventory | | | |
| Nexus SecOps-002 | Log Delivery Verification | | | |
| Nexus SecOps-003 | Encrypted Transport | | | |
| Nexus SecOps-004 | Log Retention Policy | | | |
| Nexus SecOps-005 | Log Integrity Protection | | | |
| Nexus SecOps-006 | Endpoint Agent Coverage | | | |
| Nexus SecOps-007 | Log Health Monitoring | | | |
| Nexus SecOps-008 | Cloud API Log Collection | | | |
| Nexus SecOps-009 | OT/ICS Monitoring | | | |
| Nexus SecOps-010 | Endpoint Process Logging | | | |
| Nexus SecOps-011 | Identity Provider Logging | | | |
| Nexus SecOps-012 | Email Gateway Logging | | | |
| Nexus SecOps-013 | DNS Logging | | | |
| Nexus SecOps-014 | Log Source Review Cadence | | | |
| Nexus SecOps-015 | Centralized Log Aggregation | | | |

TEL Domain Score (average): _ / 5

Key Gaps Identified:

-


Domain 2: DQN — Data Quality and Normalization (Nexus SecOps-016–030)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-016 | Field Normalization | | | |
| Nexus SecOps-017 | Timestamp Normalization | | | |
| Nexus SecOps-018 | Asset Context Enrichment | | | |
| Nexus SecOps-019 | IP Reputation Enrichment | | | |
| Nexus SecOps-020 | Identity Resolution | | | |
| Nexus SecOps-021 | Data Quality Monitoring | | | |
| Nexus SecOps-022 | Schema Documentation | | | |
| Nexus SecOps-023 | Duplicate Detection | | | |
| Nexus SecOps-024 | Volume Anomaly Detection | | | |
| Nexus SecOps-025 | Parse Error Monitoring | | | |
| Nexus SecOps-026 | Threat Intel Enrichment | | | |
| Nexus SecOps-027 | Data Governance Policy | | | |
| Nexus SecOps-028 | Log Source SLA Monitoring | | | |
| Nexus SecOps-029 | Retention Automation | | | |
| Nexus SecOps-030 | Data Classification | | | |

DQN Domain Score (average): _ / 5


Domain 3: DET — Detection Engineering (Nexus SecOps-031–050)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-031 | ATT&CK Coverage Mapping | | | |
| Nexus SecOps-032 | Detection Rule Library | | | |
| Nexus SecOps-033 | Detection Change Control | | | |
| Nexus SecOps-034 | Detection Rule Testing | | | |
| Nexus SecOps-035 | False Positive Rate Management | | | |
| Nexus SecOps-036 | Detection Review Cadence | | | |
| Nexus SecOps-037 | MTTD SLA | | | |
| Nexus SecOps-038 | Detection Rule Documentation | | | |
| Nexus SecOps-039 | Detection-as-Code Pipeline | | | |
| Nexus SecOps-040 | Purple Team Validation | | | |
| Nexus SecOps-041 | Intel-to-Detection Workflow | | | |
| Nexus SecOps-042 | Rule Retirement Process | | | |
| Nexus SecOps-043 | Detection Gap Analysis | | | |
| Nexus SecOps-044 | Behavioral Analytics | | | |
| Nexus SecOps-045 | Rule Documentation Standard | | | |
| Nexus SecOps-046 | Correlation Rules | | | |
| Nexus SecOps-047 | Cloud Detection Coverage | | | |
| Nexus SecOps-048 | Identity Detection Coverage | | | |
| Nexus SecOps-049 | Insider Threat Detection | | | |
| Nexus SecOps-050 | AI/ML Detection Models | | | |

DET Domain Score (average): _ / 5


Domain 4: TRI — Triage and Investigation (Nexus SecOps-051–065)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-051 | Alert Priority Matrix | | | |
| Nexus SecOps-052 | SLA by Severity | | | |
| Nexus SecOps-053 | Triage Runbook | | | |
| Nexus SecOps-054 | MTTI Measurement | | | |
| Nexus SecOps-055 | Enrichment Automation | | | |
| Nexus SecOps-056 | Escalation Criteria | | | |
| Nexus SecOps-057 | Alert Queue Dashboard | | | |
| Nexus SecOps-058 | Investigation Documentation | | | |
| Nexus SecOps-059 | False Positive Feedback | | | |
| Nexus SecOps-060 | External Lookup Integration | | | |
| Nexus SecOps-061 | Analyst Training | | | |
| Nexus SecOps-062 | Triage Quality Review | | | |
| Nexus SecOps-063 | Alert Aging Monitoring | | | |
| Nexus SecOps-064 | Cross-Alert Correlation | | | |
| Nexus SecOps-065 | Pivot Capability | | | |

TRI Domain Score (average): _ / 5


Domain 5: INC — Incident Response (Nexus SecOps-066–080)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-066 | Incident Response Plan | | | |
| Nexus SecOps-067 | Incident Classification | | | |
| Nexus SecOps-068 | Incident Commander Role | | | |
| Nexus SecOps-069 | Communication Plan | | | |
| Nexus SecOps-070 | Containment Playbooks | | | |
| Nexus SecOps-071 | Evidence Preservation | | | |
| Nexus SecOps-072 | Post-Incident Review | | | |
| Nexus SecOps-073 | Regulatory Notification | | | |
| Nexus SecOps-074 | Incident Ticketing | | | |
| Nexus SecOps-075 | MTTR Measurement | | | |
| Nexus SecOps-076 | IR Retainer | | | |
| Nexus SecOps-077 | Tabletop Exercises | | | |
| Nexus SecOps-078 | IR Metrics Reporting | | | |
| Nexus SecOps-079 | Crisis Communication | | | |
| Nexus SecOps-080 | Recovery Procedures | | | |

INC Domain Score (average): _ / 5


Domain 6: CTI — Cyber Threat Intelligence (Nexus SecOps-081–095)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-081 | Threat Intel Platform | | | |
| Nexus SecOps-082 | Intel Feed Management | | | |
| Nexus SecOps-083 | IOC Ingestion Pipeline | | | |
| Nexus SecOps-084 | Intel Reporting | | | |
| Nexus SecOps-085 | Intel-to-Detection Workflow | | | |
| Nexus SecOps-086 | STIX/TAXII Integration | | | |
| Nexus SecOps-087 | Intel Prioritization | | | |
| Nexus SecOps-088 | Information Sharing | | | |
| Nexus SecOps-089 | Threat Actor Profiles | | | |
| Nexus SecOps-090 | Intel TTL Policy | | | |
| Nexus SecOps-091 | Strategic Intelligence | | | |
| Nexus SecOps-092 | Consumer Feedback | | | |
| Nexus SecOps-093 | Collection Plan | | | |
| Nexus SecOps-094 | CTI Team Training | | | |
| Nexus SecOps-095 | IOC FP Tracking | | | |

CTI Domain Score (average): _ / 5


Domain 7: AUT — Automation and SOAR (Nexus SecOps-096–110)

| Control ID | Title | Score (0–5) | Evidence Reference | Notes |
|---|---|---|---|---|
| Nexus SecOps-096 | SOAR Architecture | | | |
| Nexus SecOps-097 | Playbook Inventory | | | |
| Nexus SecOps-098 | Playbook Change Control | | | |
| Nexus SecOps-099 | Human-in-the-Loop Gates | | | |
| Nexus SecOps-100 | Playbook Testing | | | |
| Nexus SecOps-101 | Automation Rate Metrics | | | |
| Nexus SecOps-102 | Playbook Audit Logging | | | |
| Nexus SecOps-103 | Automation Rollback | | | |
| Nexus SecOps-104 | API Security | | | |
| Nexus SecOps-105 | Enrichment Automation | | | |
| Nexus SecOps-106 | Containment Automation | | | |
| Nexus SecOps-107 | Case Management Integration | | | |
| Nexus SecOps-108 | SLA Breach Automation | | | |
| Nexus SecOps-109 | Playbook Documentation | | | |
| Nexus SecOps-110 | Automation Failure Alerting | | | |

AUT Domain Score (average): _ / 5


Domains 8–14 (Summary Rows)

Complete these domains in the same format using the CSV workbook for efficiency.

| Domain | Controls | Your Score | Target Score |
|---|---|---|---|
| IAM — Identity & Access Management | 111–120 | / 5 | ≥3.0 |
| CLD — Cloud Security Operations | 121–135 | / 5 | ≥3.0 |
| END — Endpoint and Workload Security | 136–150 | / 5 | ≥3.0 |
| VUL — Vulnerability and Exposure Management | 151–160 | / 5 | ≥2.5 |
| AIM — AI/ML for Security Operations | 161–180 | / 5 | ≥2.0 |
| LLM — LLM Copilot Controls | 181–200 | / 5 | ≥2.0 |
| GOV — Governance, Risk, and Compliance | 201–220 | / 5 | ≥3.0 |

Overall Scoring

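| Domain | Score | Weight (if applying) |
|---|---|---|
| TEL | | 1.0 |
| DQN | | 1.0 |
| DET | | 1.0 |
| TRI | | 1.0 |
| INC | | 1.0 |
| CTI | | 0.8 |
| AUT | | 0.8 |
| IAM | | 1.0 |
| CLD | | 0.9 |
| END | | 1.0 |
| VUL | | 0.9 |
| AIM | | 0.7 |
| LLM | | 0.7 |
| GOV | | 1.0 |
| Overall Average | | |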

Maturity Level Determination:

| Average Score | Level | Label |
|---|---|---|
| 0.0–0.9 | 0 | Non-Existent |
| 1.0–1.9 | 1 | Initial |
| 2.0–2.9 | 2 | Developing |
| 3.0–3.9 | 3 | Defined |
| 4.0–4.9 | 4 | Managed |
| 5.0 | 5 | Optimizing |

Your Maturity Level: ______


Priority Improvement Areas

List your top 5 controls with the lowest scores that have the highest business impact:

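| Priority | Control ID | Title | Current Score | Target Score | Owner | Target Date |
|---|---|---|---|---|---|---|
| 1 | | | | | | |
| 2 | | | | | | |
| 3 | | | | | | |
| 4 | | | | | | |
| 5 | | | | | | |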

Next Steps


See Scoring Methodology | Test Procedures | Evidence Catalog