ITU has adopted a suite of global technical standards that provide a common framework for exchanging information on cybersecurity. The suite is known as CYBEX and provides for enhancing protection for all kinds of ICT systems, equipment, and software.
CYBEX focuses on the structured exchange of cybersecurity information and provides coherent common specifications allowing different operators, systems, and security communities to communicate vital cybersecurity information to each other, enhance protection, and identify and understand attacks . CYBEX is an important element in ITUís array of standards improving confidence and security in the use of ICTs.
The first three standards of this suite of standards (known as ITU-T X.1500 Recommendations) consist of: (1) an overview of the model for trusted exchange of cybersecurity information; (2) the exchange of vulnerability information; and (3) "weighing" of vulnerabilities.
ITUís security study group (ITU-T Study Group 17) has started new work entitled continuous security monitoring using CYBEX techniques. The work will focus on the use of CYBEX standards by enterprises and network operators to enhance their individual and collective cybersecurity and reduce their risks. Experts say the complexity of existing network infrastructures, equipment, software, and services renders enterprises constantly vulnerable and subject to compromise. The work may also be applicable to cloud computing, virtualization and Smart Grid electrical power management environments.