Ad-Hoc Working Group on Security Operation Centres (SOCs)

The proliferation of emerging technologies into our daily life and the accelerated pace with which companies, governments and institutions digitalise their core functionalities are creating opportunities for economic prosperity. The road to prosperity, however, comes with a compromise, as the threat landscape is ever-increasing, creating opportunities for cyber criminals to cause unprecedented harm. Cornerstone to the protection of digital infrastructure for nations and organisations and the mitigation of the impact from cyberattacks are the Security Operation Centres (SOCs) and the Computer Security Incident Response Teams (CSIRTs), whose importance is established in the NIS Directive (Directive (EU) 2016/1148 on security of network and information systems)

The scope of this ad-hoc working group is to assist ENISA in capturing current practices across the EU regarding typical SOCs capabilities, i.e. capabilities to identify, protect against, detect, respond to and recover from cyber threats affecting a particular organisation. It will also help the Agency capture current practices in CSIRTS and SOCs, Member States’ cybersecurity policies and investment plans relevant to increasing the capacity of SOCs, identify gaps based on maturity models for SOCs that establish best practice (i.e., FIRST framework) and highlight pathways for research and innovation that will increase the maturity of current stakeholders in the field.

Terms of Reference

Full Terms of Reference can be downloaded through this link: Terms of Reference.

Selection Criteria

ENISA will take the following criteria into account when assessing applications:

• Relevant competence (e.g. technical, legal, organisational or a combination thereof) and experience in the area of setting up SOCs and/or in other areas of relevance for the purpose of providing advice on enhancing SOCs, such as the knowledge of the ICT market and its threats, developments as regards the cyber threat landscape, knowledge and experience in research for SOCs, and other related cybersecurity facets.
• Ability to deliver technical advice at the tactical level, including those of scientific or technical nature, on issues relevant to enhancing SOCs, including in the above-mentioned areas of relevance for this purpose.
• Good knowledge of English allowing active participation in the discussions.

Applications

Individuals interested are invited to submit their application to ENISA via the dedicated form.

The call will remain open until the 25th of July 2021. After the deadline, no incoming applications will be taken into consideration.