Subject: Re: [cti] Attack Motivations
I know we are on a tight timeline and want to close on these enumerations. However, I want to add a strategically focused comment here: The overarching point is to advocate for common adoption of taxonomies across standards (formal and de facto). By taking the time to identify and adopt "best of breed" taxonomies, we can then strategically do outreach and advocate for homogenization and drive convergence. So presuming we will always have a variety of CTI schemas and ontologies (e.g., VERIS, OpenIOC, CIF), the convergence and adoption of shared Taxonomies will empower easier transformations between different formats and internal data representations.
If we could get all CTI TC members to submit their existing taxonomies for the categories in question, maybe we could quickly reach concurrence and homogenization. Thoughts?
I know I've seen some very good Motivation Taxonomies with good descriptions. Have not found "the" one yet... @Jerome Athias: Your thoughts?
Alternatively, here's some of the better ones I've found today.
(1) The IBM X-Force taxonomy
Since this is copyrighted material I can't provide the specifics. One can register for the paper here: https://www-01.ibm.com/marketing/iwm/iwm/web/signup.do?source=ibm-WW_Security_Services&S_PKG=ov47531&S_TACT=C405001W&dynform=21982&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&cm_mc_uid=42640253661614409439900&cm_mc_sid_50200000=1470597188
(We would have to normalize their "Outrage Trolls" Class).
(2) VERIS Taxonomy
ACTOR.X.MOTIVE
- NA: Not Applicable (unintentional action)
- Espionage: Espionage or competitive advantage
- Fear: Fear or duress
- Financial: Financial or personal gain
- Fun: Fun, curiosity, or pride
- Grudge: Grudge or personal offense
- Ideology: Ideology or protest
- Convenience: Convenience of expediency
- Unknown: Unknown
- Other: Other
Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org
(4) NIST
Couldn't find one but believe a taxonomy exists
This Taxonomy did come from an existing well vetted solution, aka the Intel Threat Agent work. But given that work applies to general threat actors, we are trying to tailor it more specifically to the cyber space.
The reason I am looking to add a few values is I have been reviewing every taxonomy I can find and make sure our terms and definitions cover everything that cerebrally exists.
Bret
Sent from my Commodore 64
Like Sophistication, we should directly adopt an existing, well vetted, Taxonomy.
@Patrick/ISightPartners or @EclecticIQ: Can you provide reference?
Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org
All,
Intrusion Sets and Threat Actors both use the Attack Motivations vocabulary. Right now we have the following terms in that vocab:
- accidental
- coercion
- dominance
- ideology
- notoriety
- organizational-gain
- personal-gain
- personal-satisfaction
- revenge
- unpredictable
I propose that we add the following three terms to this list; I missed them when I was putting this list together.
- amusement
- advantage (competitive, political, economic)
- anarchy
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."