ITU-T X.1500
Overview of cybersecurity information exchange
Organization: | ITU-T |
Publication Date: | 1 April 2011 |
Status: | active |
Page Count: | 34 |
scope:
This Recommendation presents a cybersecurity information exchange (CYBEX) model and discusses techniques that can be used to facilitate the exchange of cybersecurity information. These techniques can be used individually or in combinations, as desired or appropriate, to enhance cybersecurity through coherent, comprehensive, global, timely and assured information exchange. No obligations to exchange information are implied, nor are the means of acquisition or ultimate use of the information treated. The techniques include the structured global discovery and interoperability of cybersecurity information in such a way as to allow for continual evolution to accommodate the significant activities and specification evolution occurring in numerous cybersecurity forums. CYBEX is one of the elements providing confidence and security in the use of ICTs.
This Recommendation has the following basic functions that can be used separately or together as appropriate:
• structuring cybersecurity information for exchange purposes;
• identifying and discovering cybersecurity information and entities;
• establishment of trust and policy agreement between exchanging entities;
• requesting and responding with cybersecurity information;
• assuring the integrity of the cybersecurity information exchange.
Subject to agreed policies and applicable laws and regulations, the means of acquiring information as well as the uses made of the information are specifically out of scope and not treated in this Recommendation. Some specific national and regional regulations and legislations may require implementation of mechanisms to protect personally identifiable information. Neither the techniques described in this Recommendation nor the exchange of related cybersecurity information are mandated by this Recommendation.