Summary

Recommendation ITU-T X.1208 describes a methodology for organizations to use cybersecurity indicators when computing a risk measure and it provides a list of potential cybersecurity indicators.

Recommendation ITU-T X.1208 is intended to help organizations that implement or operate a portion of the global infrastructure of information and communication technologies to evaluate their own cybersecurity capability and risk. These guidelines are intended to facilitate the decision-making process within organizations on how to lower their risks and how to identify where they could/should invest resources to improve their cybersecurity capabilities.

Recommendation ITU-T X.1208 does not propose the use of an index or a single indicator to express the cybersecurity capabilities of an organization.