Roma Capitale capacity building for cyber incident detection and response
Implementing party
Project description
The initial phase involved a detailed analysis and mapping of the current state of Roma Capitale, including hardware, software, networks, VPNs and firewalls. Next, the security architecture that serves as the operational and decision-making centre for Roma Capitale's cybersecurity was defined, involving both internal resources and external consultants. This was followed by the development phase, in which the SOC was concretely realised from an organisational and technological point of view by means of enabling solutions.
The information collected by the third-party solutions adopted by Roma Capitale (such as Cloud, Endpoint, Network and Server) has converged in a single repository, ensuring a cross-sectoral view that is independent of the specific service operators. This architecture makes it possible to react quickly and effectively, using machine learning algorithms to detect sophisticated threats. Information from Cyber Threat Intelligence has been used to activate preventive defence mechanisms, and incident responses have been automated. After the architecture design phase, all activities needed to put the processes and supporting technologies in place were carried out, together with the training of personnel involved in the detection and management of security incidents.
Status
Planning
Tender stage
Site
End of Work
Funding source
NRRP
Amount allocated
995.100,00 €