During digital transformation, the traditional information operation center is no longer enough to support enterprises (especially in the area of information security), so the concept of Security Operation Center (SOC) is released according to the needs of information security incident response and information Security-related laws and regulations. Recently, companies have established relevant units or entrusted service providers to assist in related tasks based on regulatory compliance or supply chain needs. However, the results often take more work to quantify with the establishment of units or the outsourcing of functions. What should be required of the team or the service providers will make it even more difficult for companies that already need more information security workforce. Through an appropriate framework, it may be possible for enterprises to understand what tasks the information security operation center should complete and how to achieve them. Guidelines shape the hard-to-understand words and sentences written in black and white on the specification into more specific tasks that can be implemented. With the measurement of maturity, you can understand the blueprint for future development so that SOC can become a critical gear for enterprise information security capabilities to improve the organization's information security capabilities.