[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-stix] Asset: the missing piece in your puzzle
I don’t doubt the value of bridging this information in the context of a repository within your organization. However, it is not within the scope of CTI nor is it information that most organizations would ever dream of sharing outside their boundaries. I see STIX as letting us communicate that a threat is directed at a particular platform (e.g. Windows 7 or RHEL 4.x) or a specific vulnerability (e.g. CVE-2015-00001) and so on and enabling an organization to link that information with whatever asset-management system and data it has access to. From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jerome Athias How will you bridge information related to threats/incidents/vulnerabilities/compliance/configuration... together? (1M$ Question: what is affected by all of this?) 2015-11-27 17:14 GMT+03:00 Struse, Richard <Richard.Struse@hq.dhs.gov>: I agree completely. Just because something (like asset information) is important and could be helpful in understanding the potential impact of a threat doesn’t mean that STIX or any component of CTI needs to define that information model. We need to keep a laser-like focus on Cyber Threat and build bridges to other communities that are looking at asset, configuration or vulnerability information. From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Aharon Chernin
I am 100% behind giving us the ability to communicate asset information. Just not sure it should be in STIX, or OASIS CTI for that matter. If we can do this at a higher level than CTI, then we can use the same asset standard for vulnerability, compliance, and threats. We could even use it outside of the information security space. I say we continue using exploit target until we can figure out how to get STIX out of the asset business. Aharon From: <cti-stix@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org> ExploitTarget only represents where the "pointy end" of the stick is pointed (attack surface/vulnerability), not the organization or assets behind same. Some of us share the view that there needs to be a top level object that represents the Victim(s) and their Assets. Patrick Maroney _____________________________ Wouldn't an asset just be linked using the already existing facility of @idref on ExploitTarget?
|
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]