top of page

24/7 security operations and monitoring

PERIMETROS  Cyber Security Operations Centre (SOC) function primary role is to support the reactive and proactive service operations, including all the activities related to event and alarm management, trouble ticketing (incident and problem management), security monitoring, with special care to the End User experience.  The SOC acts as a centralised unit dealing with security issues affecting the cyber-physical systems on or connected to a ship or fleet of ships, including those relating to cyber security. The SOC monitors the whole environment for severe events, analysing them and logging events as incidents. The SOC analysts assess the incident (end user ones and ones coming from system) or service request and, based on the criticality and priority, works against resolution or routes this to the next support level. Amongst the key functions of our SOC pivotal are the following four:

  1. Observe, by maintaining situational awareness, i.e. understand potential, emerging and actual threats to the ship's operations. Observation includes detection of unauthorised changes to ship systems or ship data, not secure modes of operation and unauthorised access to ship assets;

  2. Orient, by analysing the risk to operations from new or changed threats and determine whether proactive measures are required to reduce the risk to an acceptable level.

  3. Decide what action may be appropriate either to deny further access to the ship asset or to respond to the event by identifying suitable security controls.

  4. Act, by implementing the decision(s).

In observing the operating environment of the ship PERIMETROS SOC analysts maintain situational awareness of the general threat environment. From a cyber security perspective, this involves accessing threat intelligence information from both public and private sector sources. The SOC's main responsibilities are:


  • Security monitoring – PERIMETROS security analysts monitor the SIEM platform for potential security incidents, and initiate the security incident response processes when necessary;

  • Security incident response – a virtual team comprised of analysts and managers is formed to manage an identified security incident; led by the security manager with support from relevant technical support teams; 

  • Security and risk management – the security manager is the single point of contact for security for the ship to the company ashore and liaises with stakeholders (e.g. in DPA, ISO and IT manager / director). The security manager tracks and manages security, compliance and risk;

  • Security reporting – the security manager provides regular reporting of security and risk status and issues to all stakeholders;

  • Security tools administration – together with SMEs (NW/Security) support security tools, including:

    • SIEM product

    • Cyber-physical security systems

    • Next gen firewalls

    • IPS

    • Endpoint Security

    • Authentication and Access Management for external users

    • Authentication and Access Management across the ship's IT/OT infrastructure

Some of the reports the SOC is frequently issuing to customers are:

Report Category

security incident management

Vulnerability assessments 

Risk assessment report

Threat intelligence

Security operations

Internal audit


Report Description


Daily incident management report

Weekly incident management report

Monthly incident management report

Once per critical/high incident



Vulnerability assessment report

When the assessment is performed

Risk assessment and treatment report

Threat intelligence report

Security operations effectiveness 

Internal audit report

On-demand reports (to provide further details on identified security incidents)

When the assessment is performed



When the audit is performed


PERIMETROS is offering industry standard security incident response services levels and associated rebates if a violation occurs. Our response time starts from 30 min for severity 1 type incidents 24 hours a day, 7 days a week, 365 days a year. Depending on the offered services, PERIMETROS is able to develop service level agreements (SLAs) to meet the performance, security or otherwise requirements of the customer. Contact PERIMETROS for more information.  

bottom of page