Home - International Telecommunication Union  
 
 
 Advanced Search Advanced Search Site Map Contact us Print Version
    Skip Navigation LinksHome > ITU-T > Study Groups > Study Group 17 > CYBEX

Site Navigation

Information
About ITU-T
Membership
StrategyExpand Strategy
Working Rules
External CooperationExpand External Cooperation
Circulars
Numbering resources
Incident ReportingExpand Incident Reporting
Standards Q&A
Contact Us
ITU-T Site Map
A to Z of ITU-T′s Activities
Standardization
ITU-T Recommendations
WTSAExpand WTSA
Study Groups/TSAGExpand Study Groups/TSAG
Focus Groups
Joint Coordination Activities
Global Standards Initiatives
Regional Groups
Committees
Approval ProcessesExpand Approval Processes
IPR
Delegate Resources
Technology Watch
Workshops
Bridging Standardization Gap
Conformity & Interoperability
Director's Corner
TSB Director's Office
Speeches
Biography
  Skip navigation links
Areas of Work
Newsroom
Events
Publications
Statistics
About ITU
Cybersecurity Information Exchange techniques (CYBEX)

Introduction

Within SG 17, Q.4/17 (Cybersecurity) is studying methods for (a) determining in real time the security integrity of systems and services, and (b) collecting and maintaining relevant security incident data in a form suitable for sharing among Information Assurance, and incident response communities as appropriate.

At the September 2009 SG 17 meeting, several significant, if not historical, actions were taken to bring about substantially enhanced global cybersecurity. These actions included the adoption of a Cybersecurity Information Exchange Techniques (CYBEX) initiative that imports more than twenty “best of breed” standards for platforms developed over the past several years by government agencies and industry to enhance cybersecurity and infrastructure protection. These platforms provide for the structured exchange at known assurance levels of information about the measureable “security state" of systems and devices, about vulnerabilities, about incidents such as cyber attacks, and about related knowledge "heuristics." The Cybersecurity Information Exchange Techniques initiative pulls these platforms together in a coherent way to provide for:

  • “locking down” on-line systems to minimize vulnerabilities,
  • capturing incident information for subsequent analysis when harmful incidents occur,
  • discovering and exchanging related information with some degree of assurance.

At the December 2010 SG 17 meeting, the fifteen months of initial work undertaken by the CYBEX industry experts was presented and advanced – with the adoption for ballot of several key standards. One of the innovative additions to the umbrella Cybersecurity Information Exchange specification, Recommendation ITU-T X.1500, was the first known structured ontology for Cybersecurity information exchange, produced by Japan’s NICT research centre.

The ITU-T mission includes facilitating collaboration among Computer Incident Response Teams (CIRTs) worldwide. Many diverse CIRTs exist around the world and are in a state of rapid evolution. Q.4/17 has built a close collaborative relationship with the Forum of Incident Response and Security Teams (FIRST) organization – which has long existed as the principal global organization among Computer Emergency Response Teams (CERTs) for coordination and cooperation. Q.4/17 also initiated a compilation of discovered CIRTs and related agencies and bodies to the SG 17 website at: http://www.itu.int/ITU-T/studygroups/com17/nfvo/index.html

The following are some further useful links:

Contacts
 

 

Top - Feedback - Contact Us -  Copyright © ITU 2008 All Rights Reserved
Contact for this page : ITU-T SG 17
Updated : 2011-01-28