Cyber Defense Center

Who is CDC?

The Vision

CDC's vision is to protect Danish national critical infrastructure, TDC NET and its customers, and to perform comprehensive investigations into cyber security incidents.

The vision is to operate in an intelligence-led way, doing cyber security with a focus on cyber threat intelligence sources and compiling specific detection rules and indicators of compromise.

The Mission

The CDC’s mission is to protect TDC NET and its customers against cyber threats. 
The CDC is the last line of defense in relation to cyber incidents and cyber attacks.

This is done by leaning on well-proven standards such as the NIST framework, ISO/IEC 27001/02 and the Security Incident Management Maturity Model (SIM3) developed by Trusted Introducer and adapted by FIRST.
The mission is to cover as many as possible of the relevant techniques in the MITRE ATT&CK knowledge base. To cover the MITRE ATT&CK techniques, we need to develop the CDC Visibility Triad and implement the necessary tools to fully cover Security Incident and Event Management (SIEM), network detection and response (NDR), and endpoint detection and response (EDR).

What is a security incident?

CDC defines it as: “An incident that negatively affects or is deemed to affect the availability, integrity or confidentiality of data, information systems, digital networks or digital services”.

The following are some examples of a security incident:

  • Brute force attacks which may have successfully compromised data or accounts
  • Unusual behaviour from privileged user accounts or service accounts
  • Unauthorized insiders trying to access servers or data
  • Unexpected changes in configurations or services
  • Strange popups when visiting websites, changes to your web browser’s start page, changed appearance of files or hidden files
  • If you find leaked TDC NET credentials – i.e., usernames and passwords
  • If you find compromised TDC NET data
  • Accounts that have been locked unexpectedly or AD-group memberships that have been altered for no reason. This does not include accounts that have been locked due to typing in an incorrect password too many times
  • Generally, things that seem odd or out of place in your daily work environment, as well as any form of suspected foul play

If you experience an incident as described above, CDC must be contacted as soon as possible, since time can be of the essence – both to contain the incident (limit damage) and to meet specific notification deadlines towards any applicable authorities.

If CDC concludes that the reported incident is indeed a security incident, CDC will take over management of the case. However, the reporting business unit will typically be the ones working on their own system and assisting in resolving the security incident.

Information required for the CDC to handle a security incident (not all of it has to be available before contacting the CDC):

  • As detailed a description as possible of events, timeline, stakeholders etc.
  • Contact information for key stakeholders - application owner, technical staff, etc.
  • Logs from the systems that are involved

Contact information

Cyber Defense Center monitors mail queue: cdc@tdcnet.dk
Monday – Thursday from 08:00 – 16:00
Friday from 08:00 – 15:30