Subject: RE: Face to Face - RM4 - Prop 9 relationships
Thanks Phillip,

I’d seen the earlier study by Char Sample that this was based on, but not seen the follow up. Thanks for sending!

Cheers
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com

From: Phillip Cutforth [mailto:Phillip.Cutforth@dia.govt.nz]

Gents,

Noting I have trouble posting to CTI mail lists, I’ll leave this with yourselves to consider if useful for wider audience….

Concerning profiling threat actors… I’ve just read an interesting report by SEI CMU on “Cyber + Culture Early Warning Study”. It is a special report that examines the linkage between culture(s) and cyber behaviours, with a view to profiling cyber (threat) actors and the timelines involved between cyber and kinetic events.

Details: SEI CMU – CERT Division
Title: Cyber + Culture Early Warning Study
Author: Char Sample
Ref/ID: CMU/SEI-2015-SR-025
Dated: Nov 2015
http://resources.sei.cmu.edu/library/
http://resources.sei.cmu.edu/asset_files/specialreport/2015_003_001_449739.pdf

Kind Regards,
Phil C
Phil Cutforth MBE MSc | AoG Enterprise Architect | Service and System Transformation

From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Terry MacDonald

This is exactly the idea behind the ID format that we proposed in the TWIGS specification. Organizations would be able to produce easy to remember objects that would be used as ‘library objects’ that others would be able to use and reference. In this way, we could create a list of common Attack-Pattern objects based on CAPEC, and they would just be available for use by anyone. We could then over time build up a picture of which threat actors use which attack patterns in a way that allows us to easily traverse the graph relationships between them thanks to the ‘shared’ library objects that link them.

Cheers
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com

From:
cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Mark Clancy

So one thought I want to inject which is hard to do on the phone. We should also talk about the use of Reference Data as binding glue when dealing with relationships. For example, why does everyone on the planet need to create their own STIX object in their own namespace for a "spear phishing" TTP? So that Org1 and Org2 "Spear phishing" TTPs are different things as they are unique STIX objects when in fact they really should have been the same. Yes there are variants of Spear Phishing which may also be generic TTP like say Whaling and others that are specific to a Threat Actor which will related to Spear Phishing are really more unique.

-Mark

Mark Clancy
Chief Executive Officer
SOLTRA | An FS-ISAC and DTCC Company
+1.813.470.2400 office | +1.610.659.6671 US mobile | +44 7823 626 535 UK mobile
mclancy@soltra.com | soltra.com
One organization's incident becomes everyone's defense.

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Alexander Foley <alexander.foley@bankofamerica.com>