Table of Contents - ITU-T Rec. Series X Supplement 34 (01/2019) ITU-T X.1051 � Supplement on code of practice for information security controls for telecommunication organizations

�1�� Scope��

�2�� References��

�3�� Definitions��

�� 3.1�� Terms defined elsewhere��

�� 3.2�� Terms defined in this Supplement��

�4�� Abbreviations and acronyms��

�5�� Conventions��

�6�� Methodology��

�� 6.1�� Organization context��

�� 6.2�� Risk management��

�� 6.3�� Information and network security objectives and planning to achieve them��

�7�� Roles and responsibilities��

�� 7.1�� Leadership and commitment��

�� 7.2�� Policy��

�8�� Support��

�� 8.1�� Resources��

�� 8.2�� Competence��

�� 8.3�� Awareness��

�� 8.4�� Communication��

�� 8.5�� Documented information ��

�9�� Operation��

�� 9.1�� Operational planning and control��

10�� Performance evaluation��

�� 10.1�� Monitoring, measurement, analysis and evaluation��

�� 10.2�� Internal audit��

�� 10.3�� Management review ��

11�� Improvement��

�� 11.1�� Nonconformity and corrective action��

�� 11.2�� Continual improvement��

Appendix I � Reference to applicable controls and how they can be applied��

�� I.1�� Organization��

�� I.2� ��Infrastructure��

�� I.3�� People��

�� I.4�� Environment��

Appendix II � Additional controls for consideration��

�� II.1�� CSIRT and SOC��

�� II.2�� Cybersecurity information exchange (CYBEX)��

Bibliography ��