[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Asset: the missing piece in your puzzle
Excellent admonitions. It is worth noting that the Critical Security Controls which have become globally adopted and replicated as perhaps the most widespread standard, now exists under the aegis of the Center for Internet Security at: http://www.cisecurity.org/critical-controls.cfm A new V6 version has been published, and the points you make here are addressed in the new "measurement companion." best, tony On 2015-11-27 12:49 AM, Jerome Athias
wrote:
>From https://www.sans.org/critical-security-controls to ISO 27001, through the NIST CSF (#1 Identify), NIST Risk Management Framework, SP 800-53... ... If you don't properly manage your Assets in cybersecurity: you will FAIL. Information obtained from the data that you will manipulate and exchange need to be linked to your Assets, the Assets of others (Supply Chain or Adversaries). So -again-, I invite you to look at http://scap.nist.gov/specifications/ai/ NB: While not perfect, and I can comment further with pleasure on where/why, the Asset concept/construct or relationships (i.e. through GUIDs) is, imho, NEEDED. PS: I will try to put effort on documenting where the current model(s) are currently weak regarding this domain Best regards --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --
________________________________ Anthony Michael Rutkowski EVP, Industry Standards & Regulatory Affairs ________________________________ Yaana Technologies LLC
542 Gibraltar Drive Milpitas CA 95035 USA |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]