In this era of rapid digital transformation, our world is becoming increasingly interconnected. This heightened connectivity exposes individuals, organizations, and systems to ever-evolving cyber threats as well as data and privacy breaches. In this evolving landscape, active defense is emerging as a critical strategy for cyber resilience and at its core lies the concept of a "cyber defence centre" (CDC).
A CDC is an entity which ensures that an organization can seamlessly adapt to the ever-changing landscape of cybersecurity needs by playing the pivotal role of translating security policies into practical, dynamic services. It provides not only the existing SOC and CSIRT/CERT/CIRT services, but also strategic planning, policy shaping and risk management functions to mitigate cybersecurity risks inherent in an organization's operations.
ITU-T Recommendation X.1060 is a game-changing standard developed by ITU-T Study Group 17 in 2021 that provides a comprehensive "Framework for the creation and operation of a cyber defence centre".
This framework equips organizations with the guidance needed to create and manage a CDC, along with tools to periodically evaluate and improve its effectiveness. Within the framework, a service portfolio is defined, comprising 64 services that can be assigned for insourced and/or outsourced implementation and evaluated against five maturity levels (unnecessary, basic, standard, advanced, and optional) under nine distinct categories, serving as the cornerstone of a CDC's ability to effectively implement cybersecurity measures. The nine service categories are:
| | CDC service category | # of services |
|---|---|---|
| A. | Strategic management of CDC | 13 |
| B. | Real-time analysis | 4 |
| C. | Deep analysis | 4 |
| D. | Incident response | 7 |
| E. | Checking and evaluation | 9 |
| F. | Collection, analysis and evaluation of threat intelligence | 5 |
| G. | Development and maintenance of CDC platforms | 13 |
| H. | Support of internal fraud response | 2 |
| I. | Active relationship with external parties | 7 |