TOKYO - November 16, 2021 -NTT Corporation (NTT), NTT Security Corporation (NTTS), NTT TechnoCross Corporation (NTT-TX) and NEC Corporation (NEC) have jointly developed an international standard for the concept of a Cyber Defence Centre (CDC) and its build, management and evaluation process for strategic and systematic responses to cyber risks. It has been published as the ITU-T Recommendation X.1060 (https://www.itu.int/rec/T-REC-X.1060-202106-I) by the Telecommunication Standardization Sector of the International Telecommunication Union (ITU), one of the specialized agencies of the United Nations.

With the recommendation, various companies and organizations are expected to improve their cyber risk response capabilities by building and strengthening security response organizations based on a systematic framework.

Summary of the Recommendation
ITU-T Recommendation X.1060 defines the CDC as "An entity within an organization that offers security services to manage the cyber security risks of its business activities". The framework describes the three processes of build, management, and evaluation that the CDC should implement, and also presents the service functions that the CDC should have in order to implement more specific cyber security measures.


Contribution to the Recommendation and Future Developments
In this recommendation, the contents of the "Textbook for Security Response Organizations" issued by the Information Security Operation providers Group Japan (ISOG-J), in which NTT, NTTS, NTT-TX and NEC participate, were adopted. In addition, the specific operations and services required to achieve effective security response in enterprises are provided as best practices with 64 types in 9 categories. Thus, the recommendation can be practically used as a guideline for cyber security and its organizational functions, as well as a reference for implementing specific cyber security response operations.

NTT, NTTS, NTT-TX and NEC will collaborate with various organizations and groups to promote the use of the framework of this recommendation both domestically and internationally for cyber security response.