ITEM #1 reference to retrieval and archiving is removed.


Item#2 Justification of FINE – sample generic usage
"for reactionary analysis of current intruder activity and proactive identification of trends that can lead to incident prevention"
E.g. in one scenario, CERT-A may have received a report of an incident from one of its constituencies. The attacker in this case is from a constituency of CERT-B. CERT-A will want to communicate all or parts of the incident report to CERT-B. CERT-B will receive the incident report, investigate it and probably return all or parts of the investigation results to CERT-A.

Item#2-1 The Audience
- The designer/developer/implementor of the Exchange Format.
- CERTs and other organizations that use implementations of the format.

Item#3 Move “Goals” to introduction

Item#4 Introduction to the Terminology section

Item#5,6 Terminology: Damage and Impact
- Damage: The intended or unintended direct consequence of an attack, e.g. lost data, unusable system, unavailability of services.
- Impact: The result of the attack in a wider sense. It covers all results of the attack, direct and indirect. The impact may be given in financial and/or economic terms.

Item#7 Terminology: Computer Security Incident vs Incident Report

Item#8 Terminology: Target vs Victim. Drop or keep?

Item#9 Terminology: Attack vs Event
- Event => Any occurrence
- Security incident => Adverse event
- Attack => Some security incidents

Item#10 Terminology: Regroup definitions
- CSIRT
- Event
- Computer/Network Security Incident
- Incident Report
- Attack
- Target
- Damage
- Impact

Item#11 Terminology: Incident: some aspect of computer system or network security is compromised

Item#12 Operational Model Diagram
- Remove reference to Statistics packages
- Other Org => collaborators, involved parties, etc.

Item#13 Life Cycle of a report
The report itself evolves. The states:
- handling
- complete/closed
- waiting
The report is updated based on interaction with / investigation by CSIRTs. No single CSIRT can vouch for the full report.

Item#14 Life Cycle of a report vs Life cycle of data
The opening or closing of a report does not validate or invalidate the assertions in the report.

Item#15 Move requirements from Operational Model to requirements

Item#16 Requirement # 7.5: definition of “Current Owner”

Item#17 Requirement # 7.6 and 7.8 Additional Reference vs Reference to Advisory

Item#18 Requirement # 7.11 Time reporting
Time will be reported in a format that can easily be resolved to UTC and/or local time.

Item#19 Requirement # 7.14 Move from Content requirements to General requirements
5.6. The Format for Incident report Exchange must have well-defined semantics and provide a standard way for extensibility in terms of addition of components and/or extending the components.

New Requirement 5.7. FINE must allow multilingual reports. In case there are multiple language versions of a component of the report, FINE must provide a way to identify which version is authentic.
An Incident Report may be multilingual, i.e. different parts of the Incident Report may use different languages. It is also possible that multiple versions of parts of the report exist, each version in a different language. The versions may not be consistent.
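A receiving CSIRT could check Requirement 7.11 (time resolvable to UTC) and new Requirement 5.7 (an identifiable authentic language version) as in the sketch below. This is an added example, not part of the presentation or of the FINE draft. The dictionary layout, the field names and the `authentic` flag are hypothetical, and reading 5.7 as "exactly one authentic version per multilingual component" is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample report; field names are hypothetical, not FINE syntax.
SAMPLE_REPORT = {
    "detect_time": "2003-03-19T09:30:00+09:00",
    "report_time": "2003-03-19 10:00:00",  # no offset: cannot be resolved to UTC
    "description": [
        {"lang": "ja", "text": "constructed Japanese text", "authentic": True},
        {"lang": "en", "text": "constructed English translation", "authentic": False},
    ],
    "impact": [
        {"lang": "en", "text": "mail service unavailable", "authentic": False},
        {"lang": "sv", "text": "constructed Swedish text", "authentic": False},
    ],
}

TIME_FIELDS = ("detect_time", "report_time")
TEXT_FIELDS = ("description", "impact")


def to_utc(value):
    """Return the timestamp as an aware UTC datetime, or None if ambiguous."""
    try:
        parsed = datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None
    if parsed.tzinfo is None or parsed.utcoffset() is None:
        return None  # wall-clock time without an offset
    return parsed.astimezone(timezone.utc)


def check_report(report):
    """Return findings against 7.11 and 5.7; an empty list means both hold."""
    findings = []
    for field in TIME_FIELDS:
        if field in report and to_utc(report[field]) is None:
            findings.append(f"{field}: not resolvable to UTC")
    for field in TEXT_FIELDS:
        versions = report.get(field, [])
        authentic = [v["lang"] for v in versions if v.get("authentic")]
        # Assumption: a multilingual component names exactly one authentic version.
        if len(versions) > 1 and len(authentic) != 1:
            findings.append(
                f"{field}: {len(authentic)} authentic versions of {len(versions)}"
            )
    return findings
```

Because the language versions may not be consistent, a report that fails the second check leaves the receiver unable to decide which text to act on.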

Item#20 Security Considerations: References to sections corrected.