Recommendation ITU-T X.1208 describes a methodology for organizations to use cybersecurity indicators when computing a risk measure, and provides a list of potential cybersecurity indicators.

Recommendation ITU-T X.1208 is intended to help organizations that implement or operate a portion of the global infrastructure of information and communication technologies to evaluate their own cybersecurity capability and risk. These guidelines are intended to facilitate the decision making process within organizations on how to lower their risks, and how to identify where they could/should invest resources to improve their cybersecurity capabilities.

Recommendation ITU-T X.1208 does not propose the use of an index or a single indicator to express the cybersecurity capabilities of an organization.