Security Operations Centre (SOC) Baseline Capabilities

The evolving threat landscape and the plethora of new technologies and business practices require enterprises to match the dexterity and skills of their adversaries while ensuring that their detection capabilities stay relevant and that their ability to respond constantly advances. A key foundational element toward this is a competent Security Operations Center (SOC) that alerts stakeholders to meaningful security events, centralizes alerts into a single functional unit, and provides the ability to coordinate a response to emerging situations, thus limiting the impact of security incidents.

Modern-day SOCs have at their disposal a wide array of sophisticated prevention, detection, and response technologies, cyber intelligence reporting capabilities, and access to a rapidly expanding skilled cyber workforce. It is, therefore, necessary to outline baseline capabilities for Security Operations Centers within the Critical Information Infrastructure (CII) and propose maturity targets across technology, tools, and supporting people and processes. 

In the context of building national monitoring capabilities, SOCs of CII entities are expected to be aligned with and feed into the National Security Operations Center (NSOC) to support the UAE’s situational awareness. Supported by a common taxonomy of security events and incidents, this alignment enables coherence in national incident response against cyber-attacks.

The Cyber Security Council has established this baseline to outline minimum requirements for CII Security Operations Centers and define maturity targets to enhance national cyber resilience. This initiative builds upon the UAE’s position as a global leader in cyber security and further enhances the security posture of organizations and individuals within the UAE.

The purpose of this document is to outline the approach to measuring the maturity and capabilities of a CII SOC whilst also providing capability and maturity targets for minimum capabilities across CII sectors. This provides a roadmap for the development and improvement of SOCs across all critical infrastructure in the UAE.

While each organization and sector will need to customize its own level of SOC maturity to factor in its cyber risk tolerance and technology landscape, a minimum baseline capability, as outlined in the document, will contribute to enhancing national cyber resilience.