OASIS Mailing List Archives

tac message



Subject: Agenda for tomorrow's working call


TAC TC,

Over the past week Ryan and I spent some time on prioritizing which properties in the TAC object model we should start focusing on.

For tomorrow's working call we want to discuss two topics.


1. First is the continuation of what we have discussed in the previous calls: creating a standard process for classifying concrete cases of Threat Actors to specific TA types, and the power of axioms for inferencing information. Since our first call we have discussed how classifying Threat Actors using a standardized process and having a set of defined properties would be beneficial for achieving consistency among TA type classification. We described how this can be achieved by using ontologies and defining a set of axioms. A big part of that is the consistency of the TA vocabulary/classes among security professionals, threat intelligence platform data models, threat information sharing standards etc. For that reason our first step was to create a table that maps Intel's Threat Agent Library (TAL) and STIX TA labels, which are partially influenced by TAL. It is our belief that the models can be integrated, since STIX can be used for defining parent classes and TAL can be used for defining child classes (subclasses). More details will follow in the working call on April 2, 2020.

2. Second is the creation of a "Goals" taxonomy characterizing and standardizing the goals of a threat actor (what are they trying to do when carrying out an attack). This can be many levels deep. For example, a threat actor that intrudes for "tech_advantage". One level down in goals we can have that this TA targets "intellectual_property", and one level lower can describe industry such as "automobile", one level lower that the TA is interested in having IP for "power_supply", and finally that is specific to "battery". This is just an initial idea and we will start creating a taxonomy after our working call.

We have created a new document that we used to report the research that we have done, and it includes some requirements and some literature. For tomorrow's working call only pages 1, 2 and 5 are relevant. Please take a look before the meeting and of course you are more than welcome to read the whole document and comment.

The link to access the doc is https://docs.google.com/document/d/10KQRR45jm3k67EDl4IFB4l2f5BNz0jc2HWFan4_E3iQ/edit?usp=sharing

After tomorrow's meeting we will integrate this information into the official requirements document and hopefully we can start writing text soon.

Stay safe.


Best,

Vasileios

