Reactive services: act when security incidents happen
- Report acceptance
- Analysis
- Evidence collection
- Mitigation and Recovery
- Coordination center
- Crisis management support

Proactive services: act before security incidents happen

Data acquisition
- Policy distillation and guidance
- Data collection (feeds, IOCs)
Analysis and synthesis
- Threat state modeling
- Threat alerting and hunting
Communication
- Reporting and recommendations
- Information sharing
Quality management: Lessons learned after security incidents happen and better prepare before security incidents happen
- Awareness Building
- Trainings and Education
- Exercices
- Technical advisory
