INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc

Presentation transcript:

INCH Requirements
Glenn Mansfield Keeni, Cyber Solutions Inc (glenn@cysols.com)
Hiroyuki Ohno, Wide Project (hohno@wide.ad.jp)
IETF-55 Atlanta, November, 2002
IDS Study Group 14/12/99   Glenn M.

Based on a review of
- RFC3067
- CERT Processes
- IDWG requirements

Operational Model
[Diagram labels: Other CSIRTs; CSIRT; Incident Report Database]

Operational Model-2
[Diagram labels: Other CSIRTs; CSIRT; Incident Report Database; Alerts, Reports; Statistics]

Incident Report Handling Requirements: Changes from RFC3067
- Alerts
- Incident Reports
- Sensor
- Human
- Cryptic (codes etc.)
- Descriptive
- May contain Alerts
- Manager & Humans
- Standard based app.
- Standard ?

Intent of the IR Data Model
- controlled exchange and sharing
- clear and unambiguous semantics, even across regional/national boundaries (as far as possible)
- well defined syntax (at least for parts of it)
- enable categorization and statistical analysis
- ensure integrity and the authenticity

Requirements: General
- Format
- Communication
- Contents
- Process

IR Format Requirements:
- Internationalization & Localization
- Structured
- Well defined semantics for the components
- Unambiguous and reducible time references
- Record of time development
- Access control (who will have to access what): different components, users
- Globally unique identification (for IR)
- Extensibility

IR Communication Requirements:
- Must have no effect on integrity, authenticity

IR Content Requirements:
- Various facets of the entities involved
- Not only network related information
- Various naming rules for the entities
- Globally unique identifier (components)
- Classification scheme (enumerated)
- Several classifications
- Originator, Owner, Contacts, History, Reference to advisories
- Description of the incident

IR Content Requirements:
- Multiple versions (in different languages)
- Indication of “original” vs “translated copies”
- IDMEF Alerts
- Logs, Dumps
- Additional references/pointers
- Impact (Guidelines for uniform description)
- Actions taken
- Authenticity, Integrity verification info

IR Process Requirements:
- Must be deployed real soon !