SOC Papers / Thinking

MITRE's 2014 paper on SOCs, "Ten Strategies of a World-Class Cybersecurity Operations Center"

https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf


and the updated 2022 paper, "11 Strategies of a World-Class Cybersecurity Operations Center"

https://www.mitre.org/sites/default/files/publications/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf


UK NCSC's guide to SOC procurement

https://www.ncsc.gov.uk/guidance/security-operations-centre-soc-buyers-guide


Google Cloud Security's Anton Chuvakin has much useful thinking on his blog

https://medium.com/anton-on-security


Virtuous Cycles: Rethinking the SOC for Long-term Success by John Hubbard

https://www.youtube.com/watch?v=1NUjT-0yQjg


Not a big fan of the CREST doc. YMMV.

https://www.crest-approved.org/wp-content/uploads/Cyber-Security-Monitoring-Guide.pdf


Gartner's 'Market Guide for Managed Detection and Response Services'

https://www.gartner.com/doc/reprints?id=1-27QJQAMI&ct=211026&st=sb


Google's Autonomic Security Operations

https://services.google.com/fh/files/misc/googlecloud_autonomicsecurityoperations_soc10x.pdf