How to set up CSIRT and SOC: Good practice Guide

Cybersecurity threats are increasing and becoming more complex. One of the most effective ways to counter these threats is by creating a global ecosystem of computer security incident response teams (CSIRTs) and security operations centres (SOCs) that can communicate, share information and respond to cyberthreats effectively. This can be facilitated by providing relevant frameworks and increasing the number of CSIRTs and SOCs around the world and the maturity of existing CSIRTs and SOCs.

This publication provides results-driven guidance for those who are interested in establishing a computer security incident response team (CSIRT) or security operations centre (SOC), and guidance on possible improvements for different types of CSIRTs and SOCs that exist currently.

This tool was developed as part of a project directed by the European Union Agency for Cybersecurity (ENISA). Find more about it here .