I would support this being set up in OASIS and think it would be a pretty good value add.
For the below of most IR and CTI people not being in OASIS, that is true, but each org or member of this CTI group can easily ping folks within their organization to ask for assistance.
<firstname.lastname@example.org> on behalf of "Jordan, Bret" <email@example.com>
Date: Monday, August 8, 2016 at 1:50 PM
To: JE <firstname.lastname@example.org>
Cc: "email@example.com" <firstname.lastname@example.org>, Carol Geyer <email@example.com>
Subject: Re: [cti] Proposal to create CTI User Council
It feels like this should be done outside of OASIS land, and I would support this if done outside of OASIS land. I do not think the catch-all CTI-Users forum is the place to do this either...
I was always in favor of a users group being set up (outside of OASIS). I think there would be real value in having a place to talk about usability aspects and implementation aspects. I could see this group building a lot of good material for how to use STIX and TAXII in a security playbook. But IMHO, it would be best to do this all outside of OASIS land. If you tried to do this in OASIS, then the majority of people you would want to be part of this could not be, as they would not be OASIS members. Most IR people and day-2-day analysts are not members of OASIS, even if their company or organization is.
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
As already discussed within CTI TC and some of you, I'd like to submit the proposal below to create a Cyber Threat Intelligence User Council as a sub-group of the OASIS CTI Technical Committee and volunteer to take care of it.
Proposal: Create CTI User Council, a neutral forum in which corporate end users voice concerns, discuss best practices, and identify common technical requirements that can be shared with the main CTI Technical Committee.
Who should join: Non-vendor CTI TC members (banks, healthcare companies, retailers, etc.) who want to track and influence the standards without engaging in day-to-day spec development issues.
- Enable end user members to contribute to CTI standards in ways meaningful to them, such as articulating business requirements, mobilizing support for vertical specializations, and promoting adoption of common best practices;
- Foster peer-based discussions where non-vendor members can exchange information on pain points and collaborate to address real-world
- Provide CTI STIX, TAXII, CybOX, and Interoperability Subcommittees with a direct mechanism for obtaining user feedback on technical
- Increase adoption of CTI standards and enable a robust CTI ecosystem by engaging more end users in the process.
- CTI STIX, TAXII, CybOX, and Interoperability Subcommittees could periodically provide the User Council with summary reports on their progress, allowing Council members to stay current with the SCs' work without the need to follow daily SC email exchanges.
- As needed, CTI Subcommittees could poll the User Council for input on specific issues under debate. ("Would approach A or B be more useful to you?")
- Council members could discuss use cases and share experiences via their own email list and via occasional F2F meetings, held alone or in conjunction with industry events such as Borderless Cyber.
- Council could produce documents defining business requirements, vertical specializations, and best practices for submission to main CTI TC.
Format: The CTI User Council would be formed as a Subcommittee of the CTI TC (to take advantage of the SC infrastructure) but 'Subcommittee' would not be used in the group name.
Also I'd like to thank Carol for her support to get this going. What are your thoughts about it? Any feedback is highly appreciated!
Best Regards from muddy Berlin (weather was better last week @DefCon although hardly seen daylight),