OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] Re: [sacm] Mind Mapping


I still feel quite strongly that any model which derrives Threat Actors from Assets is going to lose most everyone. It is simply not how the CTI space conceptualizes an Asset.

As to the remainder of the model - our own normalized Asset model that contains most of the objects being discussed, has over 55 entities in it, so there is much more complexity here.

I am not sure I can actually share a diagram of our data model at a high level... I will look into this.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Jerome Athias ---07/12/2016 12:21:05 PM---I get your point on NFV. Yes and No. The tool used for thisJerome Athias ---07/12/2016 12:21:05 PM---I get your point on NFV. Yes and No. The tool used for this map (FreeMind), from what I currently no

From: Jerome Athias <athiasjerome@gmail.com>
To: Tony Rutkowski <tony@yaanatech.com>
Cc: cti-stix@lists.oasis-open.org, "sacm@ietf.org" <sacm@ietf.org>
Date: 07/12/2016 12:21 PM
Subject: [cti-stix] Re: [sacm] Mind Mapping
Sent by: <cti-stix@lists.oasis-open.org>





I get your point on NFV. Yes and No.
The tool used for this map (FreeMind), from what I currently now of
it, don't allow recursive arrows/relationships. (a lot are missing,
but meantime would make the map messy)
I would envision that Service/API under "Automaton/Service" would
basically 'do the job'. (you could also move
"physical/logical/virtual" to "Automaton/System/Service"...)

Feel free to produce your own abstracted mind map of the cyberspace...
(and listen to Three Little Birds :p)

PS: Ref. the "synthetic-id" concept, if my memory is ok, comes from
Asset Identification
https://scap.nist.gov/specifications/ai/
NB: Sean Barnum 'documented' a similar concept, called "identifiers
construct" (see i.e.
https://stixproject.github.io/getting-started/whitepaper/ ) (what was
lost in github issues...)



2016-07-12 17:13 GMT+03:00 Tony Rutkowski <tony@yaanatech.com>:
> In a rapidly emerging NFV world with
> service function chaining and network
> slicing, much of this mind map changes,
> no?
>
> Arguably, one of SACM's major deficiencies
> is its being grounded in a legacy world that
> is fast disappearing.
>
> --tony
>
>
> On 2016-07-12 3:44 AM, Jerome Athias wrote:
>
> Hi,
>
> Sometimes I let my mind doing stuff while listening the Ravel Bolero...
>
> @CTI: Attached is a (not-perfect) high-level asset-centric mind map
>
> @SACM: A Software is an Asset, so here identified by a synthetic-id.
> Also a Software is composed of software components...
>
> Best regards
>
> Refs:
>
http://www.frhack.org/research/xorcism.php
>
https://en.wikipedia.org/wiki/Bol%C3%A9ro
>
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
>
https://www.ietf.org/mailman/listinfo/sacm
>
>
> --
>
> ________________________________
>
> Anthony Michael Rutkowski
>
> EVP, Industry Standards & Regulatory Affairs
>
> tony@yaanatech.com
>
> +1 703 999 8270
>
> ________________________________
>
> Yaana Technologies LLC
>
> 542 Gibraltar Drive
>
> Milpitas CA 95035 USA

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]