
cti-comment message


Subject: Using STIX to Inform Open FAIR Analysis

I am writing to ask for help.

In 2010 I was lead author of the OPEN FAIR™ - STIX™ INTEGRATION white paper with the expert advice and assistance by Dez Beck of MITRE (and OASIS). It appeared that data produced in conformance with STIX could be used to help inform estimates of Threat Event Frequency (TEF) and Threat Capability (TCap) for a FAIR analysis.

In a conversation with Jane Ginn earlier this month I learned that data in STIX 2.1 and earlier versions is being widely produced and used by the various incident response tools/systems.

Could somebody help me identify some available data and perform an analysis? Relevant STIX data are those related to Threat Actor: Indicator, Intrusion Set, Attack Pattern, Malware and Tool.

A possible outcome is the creation of a guide on how to use STIX data to inform a FAIR analysis, helping to build a bridge from responding to incidents to influencing executive investment decisions for security countermeasures.

Thank you for your consideration,

Chris Carlson
Member of the Open Group Security Forum
