The aim of this call for tenders is to initially cover the needs of the awarding body itself and to enable the employees of the awarding body to take over standard services within the Security Operation Center (SOC) itself. In a further step, it is also intended to integrate customers and in particular the shareholders of MISC as their own clients into the SOC. The framework agreement to be concluded includes all scenarios.

Mobil ISC GmbH is the IT service provider for its shareholders. In the modern digitized and connected world, networks of companies, data centers and end devices are exposed to an increasing threat from cyber attacks via a variety of attack vectors. Assuming that cyber attacks cannot be completely prevented by various complementary preventive measures, the focus is on detecting threats and security incidents. A high level of protection is required to ensure their tasks vis-à-vis their shareholders and other customers.

For this reason, MISC intends to build a SOC (Security Operation Center) including a SIEM solution for its own company, with the option of extending the scope to its shareholders and, if necessary, additional customers. Multi-client capability of the systems is a mandatory prerequisite for selection. Multi-client capability is explicitly required. Particular challenges are the technical and organisational complexity of the project as well as the availability (especially on the labour market) of particular

trained specialists (security experts).

Building a SOC and operating SIEM is urgent and done as soon as possible to bring security levels to a higher level across the enterprise. MISC therefore attaches particular importance to the rapid implementation of the advertised service.

MISC is pursuing two objectives with this call for tenders: On the one hand, the security level in the entire company must be raised to a higher level in the short term, and on the other, the procurement item must also be open to MISC shareholders and other customers. The requirements are then adjusted according to the needs of the end customer. The subject of the call for proposals is the following key elements:

1. Managed SIEM Services

SIEM services include the installation and operation of a SIEM system for the automated collection and correlation of safety-relevant log and event data from MISC. This also includes implementing and maintaining appropriate use cases for detecting attacks and security incidents and alerting unincorporated cyber threat intelligence information. In order to achieve the goals, SIEM software is to be procured that will become the property of MISC. This includes all licenses, operating costs and any hardware procurement.

2. SoC monitoring services

The service includes real-time monitoring of SIEM alerts and incident ID through a vendor SoC and reporting confirmed incidents to MISC.

3. Incident response support

Support incident management at MISC by providing qualified experts for forensic investigation, malware analysis, or incident coordination upon request.

Services from all three service levels are to be offered. Details can be found in Appendix 1 - Service Description.