OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Asset: the missing piece in your puzzle

From https://www.sans.org/critical-security-controls
to ISO 27001, through the NIST CSF (#1 Identify), NIST Risk Management
Framework, SP 800-53... ...
If you don't properly manage your Assets in cybersecurity: you will FAIL.

Information obtained from the data that you will manipulate and
exchange need to be linked to your Assets, the Assets of others
(Supply Chain or Adversaries).

So -again-, I invite you to look at http://scap.nist.gov/specifications/ai/

NB: While not perfect, and I can comment further with pleasure on
where/why, the Asset concept/construct or relationships (i.e. through
GUIDs) is, imho, NEEDED.

PS: I will try to put effort on documenting where the current model(s)
are currently weak regarding this domain

Best regards

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]