The initial phase will involve a detailed analysis and mapping of the current state of Roma Capitale, including hardware, software, networks, VPNs and firewalls. Next, the security architecture that will be the operational and decision-making centre for Roma Capitale's cybersecurity will be defined, involving both internal resources and external consultants. This will be followed by the development phase, in which the SOC will be concretely realised from an organisational and technological point of view by means of enabling solutions.
The information collected by the third-party solutions adopted by Roma Capitale (such as Cloud, Endpoint, Network and Server) will converge in a single repository, ensuring a cross-sectoral view that is independent of the specific service operators. This architecture will make it possible to react quickly and effectively by using machine learning algorithms to detect sophisticated threats. Information from Cyber Threat Intelligence will be used to activate preventive defence mechanisms and incident responses will be automated. After the architecture design phase, all activities to implement the processes and supporting technologies will be implemented, together with the training of personnel involved in the detection and management of security incidents.