implementing the iodef at the cert cc
play

Implementing the IODEF at the CERT/CC Roman Danyliw - PowerPoint PPT Presentation

May 16, 2023 •335 likes •437 views

Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH IETF 55 Incident Reporting Forms CERT Coordination Center (CERT/CC) Federal Computer Incident Response Capability (FedCIRC) National

  1. Implementing the IODEF at the CERT/CC Roman Danyliw <rdd@cert.org> INCH – IETF 55

  2. Incident Reporting Forms • CERT Coordination Center (CERT/CC) • Federal Computer Incident Response Capability (FedCIRC) • National Infrastructure Protection Center (NIPC) • Defence Information System Agency (DISA) November 22. 2002 IETF 55 2

  3. Contact Information is too hard • There are 3 to contact classes, each represents a subset of the same information – Organization class – Contact class – IRTContact class • Propose : a unified class to represent contact information November 22. 2002 IETF 55 3

  4. Incomplete Contact Representation • Need additional information for contacts: – Point of Contact, – title, – phone, – email, – fax, – country, – timezone • Propose : adding this data to the Contact classes November 22. 2002 IETF 55 4

  5. Using Extensions • All data cannot be represented in IODEF – Extend schema using AdditionalData class • Human readability of AdditionalData diminishes quickly after a few elements • Propose : “Schema Locality” – Add AdditionalData to certain top-level IODEF container classes November 22. 2002 IETF 55 5

  6. Action Annotation not Machine-readable • Difficult to quickly (and in a machine readable way) to separate the elements from the History class – Who was contacted? – What actions were taken? • Propose : Separating the “communication log” in the History class to another class November 22. 2002 IETF 55 6

  7. Incomplete Impact Assessment • Quantifying Cost and Time of recovery – Recovery time (staff hours) – Recovery time (wall-clock) – Cost – Number of customer affected • Operational Impact – Did the attack disrupt core services? – Has the attack stopped? • Propose : Expanding the flexibility of the Impact class November 22. 2002 IETF 55 7

  8. Attack Tools Represenation • Difficult to represent information about the attack tool or technique used – Source.Program class – Method class • Propose : Expanding the flexibility of the Method class November 22. 2002 IETF 55 8

  9. Complex Incident Representation • Need resolution to Attacker/Source and Victim/Target class relationships http://listserv.surfnet.nl/scripts/wa.exe?A2=ind02&L =inch&O=D&P=6599 November 22. 2002 IETF 55 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IODEF Data Model Status &lt;draft-ietf-inch-iodef-02&gt; Roman Danyliw &lt;rdd@cert.org&gt;

IODEF Data Model Status &lt;draft-ietf-inch-iodef-02&gt; Roman Danyliw &lt;rdd@cert.org&gt;

IODEF Data Model Status &lt;draft-ietf-inch-iodef-02&gt; Roman Danyliw &lt;rdd@cert.org&gt; 1300-1500, Thursday, March 4. 2004 IETF 59, Seoul, Korea XML Schema Migration http://www.uazone.org/demch/projects/iodef/ STATUS Release a

332 views • 12 slides
IODEF Data Model Status (changes from 02 to 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @

IODEF Data Model Status (changes from 02 to 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @

IODEF Data Model Status (changes from 02 to 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw &lt;rdd@cert.org&gt; Thursday, November 11. 2004 IETF 61, Washington DC, USA Outline Changes from v02

146 views • 14 slides
IODEF Data Model Status (progress from -04) &lt;draft-ietf-inch-iodef-05&gt; tracked @

IODEF Data Model Status (progress from -04) &lt;draft-ietf-inch-iodef-05&gt; tracked @

IODEF Data Model Status (progress from -04) &lt;draft-ietf-inch-iodef-05&gt; tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw &lt;rdd@cert.org&gt; Wednesday, November 9. 2005 IETF 64, Vancouver, Canada Status of Issues -05

632 views • 13 slides
IODEF Data Model Status (progress from 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @

IODEF Data Model Status (progress from 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @

IODEF Data Model Status (progress from 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw &lt;rdd@cert.org&gt; Wednesday, March 9. 2005 IETF 62, Minneapolis, USA Progress on issues from v03

297 views • 16 slides
CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007

CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007

CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007 Presentation FORUM: 19th Annual FIRST Conference SESSION: CCN Initiative of a Governmental CERT OBJECTIVE: Set the scope and goals of CCN

648 views • 28 slides
IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This

IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This

IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This material is public :) Jan Meijer &lt;jan.meijer@surfnet.nl&gt; IODEF: what is it about? Problem statement: define a common data format for sharing

320 views • 9 slides
Kinesio Tape Workshop Richard Cohen, D.C., DABCO, RCRB, Cert MDT, Cert VGT, Cert KT1, KT2, KT3

Kinesio Tape Workshop Richard Cohen, D.C., DABCO, RCRB, Cert MDT, Cert VGT, Cert KT1, KT2, KT3

Kinesio Tape Workshop Richard Cohen, D.C., DABCO, RCRB, Cert MDT, Cert VGT, Cert KT1, KT2, KT3 Team Chiropractor Kings College, Wilkes-Barre, PA History Concept developed by Kenzo Kase in the 70s Introduced to NATA in USA 1995

740 views • 32 slides
(E (EG-CERT) Ahmed Tharwat | Sharm El Sheikh | December 2017 Outline EG-CERT EG-CERT

(E (EG-CERT) Ahmed Tharwat | Sharm El Sheikh | December 2017 Outline EG-CERT EG-CERT

Egyptian Computer Emergency Readiness Team (E (EG-CERT) Ahmed Tharwat | Sharm El Sheikh | December 2017 Outline EG-CERT EG-CERT Hierarchy Operational Framework Key Cybersecurity Threats Capacity Building International

293 views • 14 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

MAY 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Featured speaker Ben Koshy, Special Ops, MC-CERT Field Searches Outreach Outreach Items WHO: National Institute

599 views • 24 slides
Management and Prevention Debbie Hicks MSc , BA, RGN, NMP, DN Cert, PWT Cert Nurse Consultant

Management and Prevention Debbie Hicks MSc , BA, RGN, NMP, DN Cert, PWT Cert Nurse Consultant

Hypoglycaemia in in Adults in in the Community: Recognition, Management and Prevention Debbie Hicks MSc , BA, RGN, NMP, DN Cert, PWT Cert Nurse Consultant Diabetes Medicus Health Partners Presentation content Statistics relating to

605 views • 24 slides
CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani - CERT-SPC - Rome, 04.21.2009 Agenda

CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani - CERT-SPC - Rome, 04.21.2009 Agenda

A modern approach to ICT security in pubblic administration CERT-SPC: role and mission Cap. G.di F. Gabriele Cicognani - CERT-SPC - Rome, 04.21.2009 Agenda SPCs architetture Scenario: security threats The CERT-SPC: role and

562 views • 30 slides
Passive DNS @ CERT.at (pDNS) contact: L. Aaron Kaplan &lt;kaplan@cert.at&gt; Tel: +43 1

Passive DNS @ CERT.at (pDNS) contact: L. Aaron Kaplan &lt;kaplan@cert.at&gt; Tel: +43 1

Passive DNS @ CERT.at (pDNS) contact: L. Aaron Kaplan &lt;kaplan@cert.at&gt; Tel: +43 1 505 64 16 / 78 Idea &amp; credits: Florian Weimer, BFK pDNS @ CERT.at passive DNS: Idea to capture the DNS answers and give them a timestamp.

336 views • 6 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Upcoming Schedule

Montgomery County CERT General Meeting Tonights Agenda CERT Business Upcoming Schedule

JANUARY 2017 Montgomery County CERT General Meeting Tonights Agenda CERT Business Upcoming Schedule GoTeam in 2017 Reports Reports Teen CERT Instructors needed; Contact Kathee if available Sessions are Sunday and

762 views • 38 slides
IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft

IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft

IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft out. Missed deadline by a little; should show up in repository soon. draft-ietf-inch-phishingextns-02 One Technical change Many

452 views • 5 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

JUNE 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Table toping an EVAC drill? Review protocol and technique Information needed; communications Stair chair;

402 views • 27 slides
Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports

JANUARY 2016 Montgomery County CERT General Meeting Tonights Agenda CERT Business Reports Upcoming opportunities Winter Preparedness Outreach Operations Santa Run Report Response was fair to good Sat. easier to staff

685 views • 53 slides
Corporate Governance Prof. John Ferguson Part 1 - What is a corporation and who should it serve?

Corporate Governance Prof. John Ferguson Part 1 - What is a corporation and who should it serve?

Corporate Governance Prof. John Ferguson Part 1 - What is a corporation and who should it serve? CORPORATE GOVERNANCE What is Corporate Governance? the system by which companies are directed and controlled (The Cadbury Report, 1992)

1.91k views • 114 slides
GNR607 Principles of Satellite Image Processing Instructor: Prof. B. Krishna Mohan CSRE, IIT

GNR607 Principles of Satellite Image Processing Instructor: Prof. B. Krishna Mohan CSRE, IIT

GNR607 Principles of Satellite Image Processing Instructor: Prof. B. Krishna Mohan CSRE, IIT Bombay bkmohan@csre.iitb.ac.in Slot 4 Lecture 21-23 Image Corrections Sept. 15-18, 2014 9.30 10.25 AM, 10.35 AM 11.30 AM, 11.35 12.30 PM

1.15k views • 35 slides
Instrumented Environments Andreas Butz, butz@ifi.lmu.de, www.mimuc.de Fri, 12:15-13:45,

Instrumented Environments Andreas Butz, butz@ifi.lmu.de, www.mimuc.de Fri, 12:15-13:45,

Instrumented Environments Andreas Butz, butz@ifi.lmu.de, www.mimuc.de Fri, 12:15-13:45, Theresienstr. 39, Room E 045 15. Mai 06 LMU Mnchen, Medieninformatik, Instrumented Environments, SS 2006, Andreas Butz 1 Topics today Displays

763 views • 53 slides
Stereo Computer Vision Fall 2018 Columbia University Homework Homework 2 grades are back

Stereo Computer Vision Fall 2018 Columbia University Homework Homework 2 grades are back

Stereo Computer Vision Fall 2018 Columbia University Homework Homework 2 grades are back Median 37/40, std 7.2 Homework 3 due now Homework 4 out today My Office Hours Now Mondays 5pm-6pm Course Evaluations 60% response

1.9k views • 97 slides
Updates Wednesday, August 24, 2016 Tucson, Arizona Prevent Terrorism/Enhance Security 2011

Updates Wednesday, August 24, 2016 Tucson, Arizona Prevent Terrorism/Enhance Security 2011

American Association of State Highway and Transportation Officials Special Committee on Transportation Security and Emergency Management 2016 Critical Infrastructure Committee Joint Annual Meeting Department of Homeland Security Updates

600 views • 17 slides
Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel

Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel

Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel September 29, 2017 Agenda Introductions Department of Education Publications on Protecting Student Information GLBA Privacy and

739 views • 45 slides
This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October

This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October

This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October 22, 2018 Welcome Questions - Chat feature During our initial workshops, I introduced you to this model for capabilities- based planning. I want

497 views • 33 slides
1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by

1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by

1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by University of Pittsburgh Provosts Office, SCI n n Dinner on your own n WiFi password: n Need help? n Kelly Shaffer, Program Director at SCI n Runhua

951 views • 38 slides

More recommend