OASIS Mailing List Archives

 



cti-stix message



Subject: Re: [cti-stix] Asset: the missing piece in your puzzle


that's what I did in XORCISM
So, ok, quickly... (but RTFM)
Assets are Organisations, Persons, "Automatons" (+Hardware)
So (again quickly):
Threat Actors are Assets
Threat Actors' Infrastructure are Assets
...

Because we have to deal with different contexts ("use cases") that depend on the Organisations (=Assets) (e.g. the GUIDs); until we have a mechanism (constructs) to "speak" about the Assets, we will face endless discussions on how to deal with each and every context/use case.


2015-11-27 16:31 GMT+03:00 Aharon Chernin <achernin@soltra.com>:
I am 100% behind giving us the ability to communicate asset information. Just not sure it should be in STIX, or OASIS CTI for that matter. If we can do this at a higher level than CTI, then we can use the same asset standard for vulnerability, compliance, and threats. We could even use it outside of the information security space. 

I say we continue using exploit target until we can figure out how to get STIX out of the asset business. 

Aharon

From: <cti-stix@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Date: Friday, November 27, 2015 at 7:18 AM
To: Jason Keirstead <jason.keirstead@ca.ibm.com>, Jerome Athias <athiasjerome@gmail.com>
Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>

Subject: Re: [cti-stix] Asset: the missing piece in your puzzle

ExploitTarget only represents where the "pointy end" of the stick is pointed (attack surface/vulnerability), not the organization or assets behind same.  Some of us share the view that there needs to be a top level object that represents the Victim(s) and their Assets.

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

_____________________________
From: Jason Keirstead <jason.keirstead@ca.ibm.com>
Sent: Friday, November 27, 2015 8:08 AM
Subject: Re: [cti-stix] Asset: the missing piece in your puzzle
To: Jerome Athias <athiasjerome@gmail.com>
Cc: <cti-stix@lists.oasis-open.org>


Wouldn't an asset just be linked using the already existing facility of @idref on ExploitTarget?

Not sure something new needs to be created...

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Jerome Athias <athiasjerome@gmail.com>
To: cti-stix@lists.oasis-open.org
Date: 11/27/2015 01:49 AM
Subject: [cti-stix] Asset: the missing piece in your puzzle
Sent by: <cti-stix@lists.oasis-open.org>





From https://www.sans.org/critical-security-controls
to ISO 27001, through the NIST CSF (#1 Identify), NIST Risk Management
Framework, SP 800-53... ...
If you don't properly manage your Assets in cybersecurity: you will FAIL.

Information obtained from the data that you will manipulate and
exchange needs to be linked to your Assets, the Assets of others
(Supply Chain or Adversaries).

So -again-, I invite you to look at http://scap.nist.gov/specifications/ai/

NB: While not perfect, and I can comment further with pleasure on
where/why, the Asset concept/construct or relationships (i.e. through
GUIDs) is, imho, NEEDED.

PS: I will try to put effort on documenting where the current model(s)
are currently weak regarding this domain

Best regards









