After a two-year implementation period, EU financial companies are obliged to comply with DORA (Digital Operational Resilience Act) by the deadline of January 17, 2025. Chapter II of DORA focuses on the ICT risk management framework, which consists of several elements:
- Identification,
- Protection and prevention,
- Recognition,
- Countermeasures and recovery,
- Learning,
- Further development and communication.
The accompanying RTS (Regulatory Technical Standard) for ICT risk management sets out very specific requirements for SOC operations in some cases.
In particular, Article 23 of the RTS deals with the detection of anomalous activities and sets out criteria for the detection of ICT-related incidents and the response to such incidents. Among other things, the “scenario-based analysis of log data to detect potential internal or external cyber threats” is required. SIEM systems can be used to implement this requirement. In SIEM systems, the log data from a company’s infrastructure and application assets is collected and evaluated centrally.
The collected log data is then evaluated against specific threat scenarios, implemented as use cases in the form of cross-asset correlation rules. Common frameworks (e.g. MITRE ATT&CK) are used to select suitable use cases. As part of the use case definition, runbooks and playbooks are usually defined, which SOC analysts follow when handling possible ICT-related incidents. In this way, the DORA requirements for response and recovery from Article 11 can also be taken into account. By using SIEM systems as log management, the logging requirements stipulated in Article 12 of the RTS can also be addressed.
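As an added illustration of what such a cross-asset correlation rule looks like in practice (example code written for this page, not SECUINFRA's or any SIEM vendor's implementation), the following Python rule correlates a burst of failed logons on one asset with a subsequent successful logon from the same source on a different asset, and tags the alert with the ATT&CK technique for brute force (T1110). The log line format and the asset names are assumptions, and the log lines are constructed sample data.

```python
"""Cross-asset correlation rule (added example, not from the original page).
Scenario: >= threshold failed logons from one source on asset A, followed by a
successful logon from the same source on a different asset B within a window.
Log format below is assumed; the sample events are constructed, not real."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two assets (a VPN gateway and a file server).
SAMPLE_LOGS = """\
2025-01-17T08:00:01Z vpn-gw01 auth_fail user=jdoe src=203.0.113.7
2025-01-17T08:00:03Z vpn-gw01 auth_fail user=jdoe src=203.0.113.7
2025-01-17T08:00:05Z vpn-gw01 auth_fail user=jdoe src=203.0.113.7
2025-01-17T08:00:07Z vpn-gw01 auth_fail user=jdoe src=203.0.113.7
2025-01-17T08:00:09Z vpn-gw01 auth_fail user=jdoe src=203.0.113.7
2025-01-17T08:01:10Z fs01 auth_ok user=jdoe src=203.0.113.7
2025-01-17T09:30:00Z fs01 auth_ok user=asmith src=198.51.100.4
"""

def parse(line):
    """Parse one 'timestamp asset event key=value ...' line into a dict."""
    ts, asset, event, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "asset": asset, "event": event, **fields}

def correlate(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source whose failures on asset A are followed by
    an auth_ok on a different asset B within `window`."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    failures = defaultdict(list)  # src -> [(timestamp, asset)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["event"] == "auth_fail":
            failures[src].append((ev["ts"], ev["asset"]))
        elif ev["event"] == "auth_ok":
            # Only count failures inside the window and on a *different* asset.
            recent = [(t, a) for t, a in failures[src]
                      if ev["ts"] - t <= window and a != ev["asset"]]
            if len(recent) >= threshold:
                alerts.append({"technique": "T1110", "src": src,
                               "user": ev["user"], "from_asset": recent[0][1],
                               "to_asset": ev["asset"], "failures": len(recent)})
                failures[src].clear()  # do not re-alert on the same burst
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

In a production SIEM the threshold, window and asset scoping would be tuned per use case and documented in the accompanying runbook.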
SECUINFRA supports affected companies with experienced cyber defense consultants in the design and implementation of measures to meet the technical SOC and SIEM requirements stipulated by DORA. SECUINFRA also offers various services tailored to customer needs in the area of 24/7 managed and co-managed SOC operations.