OASIS Mailing List Archives

cti-stix message



Subject: Re: [cti-stix] MISP Taxonomies [Was: CTI Brussels F2F Meeting...RSVP deadline 5 September]


I very much like the idea of adding support for the MISP taxonomies, but I still think that confidence should be a numerical value.

I would like to see a way that the admiralty scale taxonomy can be mapped to a numerical equivalent. That way if someone wants to use a different taxonomy because the admiralty scale is either too broad or too narrow, they are free to do so, because we are not directly mandating it be used.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown
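One way to make the mapping requested above concrete, as an added example that is not part of the original thread or of MISP or STIX: each taxonomy supplies its own table onto a shared 0-100 confidence value, so the numeric field stays taxonomy-neutral. The numeric values and the `example-scale` taxonomy are assumptions for illustration; the `admiralty-scale:information-credibility` tag follows the MISP machine-tag form.

```python
import re

# MISP machine tag: namespace:predicate="value" (the value part is optional,
# e.g. tlp:amber). Matching is done on the lower-cased tag.
TAG_RE = re.compile(r'^(?P<ns>[a-z0-9-]+):(?P<pred>[a-z0-9-]+)(?:="(?P<val>[^"]+)")?$')

# Illustrative mapping tables (assumed values, not taken from any specification).
# None means the entry expresses no confidence ("truth cannot be judged").
MAPPINGS = {
    ("admiralty-scale", "information-credibility"): {
        "1": 90, "2": 70, "3": 50, "4": 30, "5": 10, "6": None,
    },
    # Hypothetical coarser taxonomy, showing that a producer can swap scales
    # without changing the numeric field consumers read.
    ("example-scale", "confidence"): {"low": 15, "medium": 50, "high": 85},
}


def tag_to_confidence(tag):
    """Return a 0-100 confidence for one tag, or None if it carries none."""
    m = TAG_RE.match(tag.strip().lower())
    if not m:
        raise ValueError(f"not a machine tag: {tag!r}")
    table = MAPPINGS.get((m["ns"], m["pred"]))
    if table is None:
        return None  # tag belongs to a taxonomy that says nothing about confidence
    val = m["val"] or ""
    if val not in table:
        raise ValueError(f"unknown value {val!r} in tag {tag!r}")
    return table[val]


def object_confidence(tags):
    """Most conservative numeric confidence across all tags on an object."""
    scores = [c for c in map(tag_to_confidence, tags) if c is not None]
    return min(scores) if scores else None


# Constructed sample tags for one shared object.
SAMPLE_TAGS = [
    "tlp:amber",
    'admiralty-scale:information-credibility="2"',
    'example-scale:confidence="medium"',
]

if __name__ == "__main__":
    print(object_confidence(SAMPLE_TAGS))
```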



From: Patrick Maroney <Pmaroney@Specere.org>
To: Dave Cridland <dave.cridland@surevine.com>, JE <je@cybersecurityscout.eu>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "Terry MacDonald" <terry.macdonald@cosive.com>
Date: 09/08/2016 01:29 PM
Subject: [cti-stix] MISP Taxonomies [Was: CTI Brussels F2F Meeting...RSVP deadline 5 September]
Sent by: <cti-stix@lists.oasis-open.org>





Good discussion folks. In support of the concepts expressed here, I'd like to raise the topic of supporting the MISP Taxonomy format and the public repository of Taxonomies and format for consideration.

https://github.com/MISP/misp-taxonomies

Alexandre Dulaunoy has cleared up concerns raised regarding licensing, so we can assess on the technical merits.



Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org



From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Dave Cridland <dave.cridland@surevine.com>
Sent: Thursday, September 8, 2016 4:13:31 AM
To: JE
Cc: cti-stix@lists.oasis-open.org; cti@lists.oasis-open.org; Terry MacDonald
Subject: RE: [cti] CTI Brussels F2F Meeting...RSVP deadline 5 September

There are two approaches, both already existing, which can help with this. Firstly, a common, shared policy (and just as important, commonly understood semantics). The FIRST IEP work is along these lines.

Secondly, real security label/classification/policy systems allow one policy to be translated to another, as long as the semantics can be mapped. These systems exist already, and are specified in a slew of documents including SDN.801(c), X.841, and so on.

Obviously these two are complementary - if there are lots of common semantics in organisations' policies, it makes it easy to express handling requirements, and the existing label specs allow each organization to have their own policy which they can develop independently.

But all this is already handled by STIX - it's just payload data to STIX and TAXII.

Dave.


On 8 Sep 2016 09:29, "JE" <je@cybersecurityscout.eu> wrote:


Bret Jordan
Alexandre Dulaunoy
Raymon van der Velde
Ryusuke Masuoka
Kazuo Noguchi
Jason Keirstead
Jerome Athias
Allan Thomson
Daniel Riedel
John-Mark Gurney
Carol Geyer
Richard Struse
Joerg Eschweiler
Trey Darley
Marko Dragoljevic
Sergey Polzunov
Aukjan van Belkum
Wouter Bolsterlee
Andras Iklody
Mark Davidson
Masato Terada


