|
Work item:
|
X.C2M2
|
|
Subject/title:
|
Cybersecurity capability maturity model for telecommunication organisations
|
|
Status:
|
Under study
|
|
Approval process:
|
AAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026 Q4 (Medium priority)
|
|
Liaison:
|
-
|
|
Supporting members:
|
-
|
|
Summary:
|
As telecommunications organisations are increasingly being targeted by cybercriminals, nation-state actors, and hacktivists, Telecom operators are continuously facing threats that can impact critical infrastructure, customer data, and service availability. In view of complex, multi-vendor, and multi-network telecom, there is need for unified approach to strengthen the cybersecurity posture and preparedness thus enabling telecommunications organisations to benchmark their security posture against industry best practices.
A C2M2 for telecom organisations provides guidance to the top level managers who has responsibilities to secure their telecom network, assess their security maturity across key areas (e.g., risk management, incident response, data protection, vulnerability management, etc) and respond to evolving threats.
The cybersecurity capability maturity model provides a benchmark of cybersecurity maturity levels so that the maturity levels are measurable and based on the measure, further guidance can be provided to an organisation as to how to improve the score and how to move to a higher level of capability-maturity so that the cybersecurity posture is continuously improved. The C2M2 models is applicable across different size and types of telecommunications organisations.
As telecommunications organisations are increasingly being targeted by cybercriminals, nation-state actors, and hacktivists, Telecom operators are continuously facing threats that can impact critical infrastructure, customer data, and service availability. In view of complex, multi-vendor, and multi-network telecom, there is need for unified approach to strengthen the cybersecurity posture and preparedness thus enabling telecommunications organisations to benchmark their security posture against industry best practices.
A C2M2 for telecom organisations provides guidance to the top level managers who has responsibilities to secure their telecom network, assess their security maturity across key areas (e.g., risk management, incident response, data protection, vulnerability management, etc) and respond to evolving threats.
The cybersecurity capability maturity model provides a benchmark of cybersecurity maturity levels so that the maturity levels are measurable and based on the measure, further guidance can be provided to an organisation as to how to improve the score and how to move to a higher level of capability-maturity so that the cybersecurity posture is continuously improved. The C2M2 models is applicable across different size and types of telecommunications organisations.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2025-04-16 16:50:49
|
|
Last update:
2025-04-17 13:19:27
|
|
