
cti-stix message



Subject: UML CTI STIX and Conceptual threat/risk models


Dear Richard,

(if time permits...)
Your review of the UML diagrams of the OMG mentioned below would be of
the highest value.

Best regards

2015-11-10 19:57 GMT+03:00 Cory Casanave <cory-c@modeldriven.com>:
> OASIS/CTI/STIX Stakeholders,
>
> As many of you know, we are concurrently working on a specification within
> the Object Management Group (OMG) for an operational threats and risks
> model. This effort is related to CTI but has some different goals. The
> submission team has just released the second draft revision of this
> specification which we are releasing publicly for comment and community
> building as it works its way through the OMG process. We expect one more
> major revision prior to adoption.
>
>
>
> The focus of this effort is different from CTI in three ways:
>
> · It is an “all threats/all risks” model inclusive of cyber and
> physical. STIX has been and will continue to be a major input into this
> effort for both general and cyber specific concerns. The intent of this
> broad scope is the federation of information from and between multiple
> domains such as Cyber, Critical Infrastructure, Law Enforcement, Emergency
> Management, Safety Engineering, Terrorist Prevention and others. As such the
> information for a particular domain is less detailed but more general as it
> focuses on what would be of interest across these domains and communities as
> we deal with sophisticated multi-dimensional attacks.
>
> · The foundation is a semantic conceptual model in UML, not a data
> model. Threat/risk defines no new exchange formats but provides the
> “semantic glue” between the many formats we have in different communities,
> both standards based and proprietary. This allows for federating and
> analyzing information from multiple sources as well as translating
> information between formats.
>
> · It brings together the more tactical “situational awareness”
> perspectives with enterprise and system risk management.
>
>
>
> Within the threat/risk specification an initial mapping to STIX (1.2 at this
> time) is included such that STIX information can be comprehended and
> federated in this way. We hope to utilize the final CTI specifications in
> the next revision. The other mappings included are NIEM (From the
> Justice/Public Safety Community) and NIST 800-53. We expect to add others
> over time, including OASIS EDXL.
>
>
>
> Many of the concepts and issues we deal with in threat/risk are “front and
> center” in CTI – we hope to collaborate on working out these ideas.
>
>
>
> This is a draft specification and input and engagement from the STIX
> community is welcome. Artifacts are available here:
>
> · Specification Document (PDF):
> http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.pdf
>
> · Specification Document (.DOC):
> http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.doc
>
> · Specification .ZIP with all models:
> http://www.threatrisk.org/spec/RevisedSubmission/Revised%20threat-risk%20Submission%20machine%20readable%20files.zip
>
> · Community portal: http://threatrisk.org/drupal/
>
>
>
> We look forward to working together!
>
> The threat/risk submission team.

