In this era of rapid digital transformation, our world is becoming increasingly interconnected. This heightened connectivity exposes individuals, organizations, and systems to ever-evolving cyber threats as well as data and privacy breaches. In this evolving landscape, active defense is emerging as a critical strategy for cyber resilience and at its core lies the concept of a "cyber defence centre" (CDC).
A CDC is an entity which ensures that an organization can seamlessly adapt to the ever-changing landscape of cybersecurity needs by playing the pivotal role of translating security policies into practical, dynamic services. It provides not only the existing SOC and CSIRT/CERT/CIRT services, but also strategic planning, policy shaping and risk management functions to mitigate cybersecurity risks inherent in an organization's operations.
ITU-T Recommendation X.1060, a game-changing standard developed by ITU-T Study Group 17 in 2021, provides a comprehensive "Framework for the creation and operation of a cyber defence centre".
This framework equips organizations with the guidance needed to create and manage a CDC and tools to periodically evaluate and improve its effectiveness. Within the framework, a service portfolio is defined, comprising 64 services to be assigned for insource and/or outsource implementation and evaluable in five maturity levels (unnecessary, basic, standard, advanced, and optional) under nine distinct categories, serving as the cornerstone for a CDC's ability to effectively implement cybersecurity measures. The nine service categories include:
CDC service category | # of services
A. Strategic management of CDC | 13
B. Real-time analysis | 4
C. Deep analysis | 4
D. Incident response | 7
E. Checking and evaluation | 9
F. Collection, analysis and evaluation of threat intelligence | 5
G. Development and maintenance of CDC platforms | 13
H. Support of internal fraud response | 2
I. Active relationship with external parties | 7