Subject: Re: [cti-users] Research Paper on Information Sharing of Cyber Security Threats and Defense Strategies
Jacob,

Thanks for the outreach and interest. A couple of recommendations and comments:

(1) We have a registry of over 60 Commercial Products/Services and Open Source Projects supporting the current OASIS CTI TC STIX, CybOX, and TAXII Specifications. The links to Registration and the latest versions of the registry can be found on the OASIS CTI TC Interoperability SC Wiki Page: https://wiki.oasis-open.org/cti/cti-interoperability

(2) There is an initiative underway using “data mining” via GitHub API to automagically collect metadata on related Open Source Projects. In the interim there are a couple of dozen Open Source projects that can be found by searching GitHub using keywords “STIX”, “CybOX”, and “TAXII”.

(3) To the root point of your line of inquiry: In my experience, there are three key elements to establishing increased Inter-exchange of sensitive and actionable CTI:

a. Trust – “Human to Human” interaction (e.g., as facilitated through ISACs, ISAOs, Conferences, other formal/ad hoc information sharing groups) is ultimately required to build solid trust relationships.

b. Confidence - in the mechanisms for conveyance, common understanding, and enforcement of data marking and handling instructions.

c. Ease of Use – Simply put, we as the CTI Inter-Exchange and Operationalization architects and technologists need to provide the abstraction layers that mask complexity while providing reliable and predictable behavior.

You’ll have to do a little “digging”, but substantive discourse from different stakeholder perspectives on key aspects can be found if you search the archives of this community (both here on OASIS and in the legacy MITRE-hosted STIX/CybOX/TAXII Nabble Archives: http://making-security-measurable.1364806.n2.nabble.com).
If you are a member of the IDXWG, there is also valuable discourse in general and specifically in relation to a number of Threads on TLP (ultimately becoming part of the FIRST IEP-SIG initiatives. Note: “Anyone can participate in the IEP-SIG, including organizations who are not members of FIRST. If you would like to join the IEP-SIG then please email the FIRST Secretariat first-sec@first.org.”)

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053

From: <cti-users@lists.oasis-open.org> on behalf of "Hinkle, Jacob (LNG-SBO)" <jacob.hinkle@lexisnexis.com>

Ladies and Gentlemen,

I am writing a research paper on the technologies involved with Information Sharing in the Cyber Security industry as well as some of the challenges faced by White Hat Cyber Security folks in keeping up on threat intel. Some of my key programs and organizations of interest are InfraGard, TAXII, STIX, various vendor "threat intel" feeds, Pastebin (yes, Pastebin for threat intel, mostly as a target for scrapers looking for loosed credentials or exploit code) and IBM X-Force, to name a few.

My "ask" from you all is some direction for any services/organizations I may be overlooking as well as any insight you may have into making the sharing of cyber security related intel a more open and prevalent thing.

Part of my paper will be examining corporate reluctance to share threat intelligence, especially when related to exploits and attacks against their own networks, and what impact this has on our ability to effectively adapt and defend against new threats. My initial stance is that while the black hats openly share exploits and attack vectors with each other, white hats, or specifically the corporations they work for, do not share the information of how to defend against threats or share information about how the attackers managed to hack them.

I will speak at length about the laws proposed and also those which have been passed which ostensibly are meant to facilitate this sharing between the government and corporate America, so I also would appreciate your thoughts on these as well if you have the time/feel like sharing.

I am not relying on the kindness of strangers to get my paper written, but your input as a community that is dedicated to these issues would be very valuable.

Thank you for your time and consideration.

Jacob Hinkle, CISSP

This publicly archived list provides a forum for asking questions, offering answers, and discussing topics of interest on STIX, TAXII, and CybOX. Users and developers of solutions that leverage STIX, TAXII and CybOX are invited to participate. In order to verify user consent to OASIS mailing list guidelines and to minimize spam in the list archive, subscription is required before posting.

Subscribe: cti-users-subscribe@lists.oasis-open.org
Unsubscribe: cti-users-unsubscribe@lists.oasis-open.org
List help: cti-users-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/cti-users/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
CTI Technical Committee: https://www.oasis-open.org/committees/cti/
Join OASIS: http://www.oasis-open.org/join/