OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

oasis-charter-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: TC (CTI) Charter -Suggestion: Add "Standardized Representations" for Organizational Entities

(1)(b) Statement of Purpose, paragraph 3

Suggest consideration of expansion of scope in Section (1)(b) of CTI TC Charter to include "Standardized Representations" for overall Organizational Entities (e.g., Adversary, Intermediate, Target).  Ultimately many of us want to represent the entire Cyber-Battlespace holistically in our models which in turn requires common representation of organizations and their unique attributes and behaviours as an entity.

"Standardized representations will be developed for Organizational entities (e.g., Adversary, Intermediate, Target), campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action.  These core components and their inter-relationships together will enable robust cyber threat analysis and intelligence sharing."

Presumably technical implementation would leverage OASIS CIQ (with Cyber Domain extensions if/as required). 

A standard Organizational Representation could in turn enable an extension for normalized/deterministic tokenization to redact/transform Attacker/Target attributional data (while still conveying useful targeting metadata and generalixed context).  For example, sharing email targeting lists for APT targeted sprear-phising campaigns with other oganizations can be extremely valuable.  Replacing attributional employee/organizational data removes  current impediments.

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]