SACM Terminology Nancy Cam-Winget, David Waltermire, March.

Slides:



Advertisements
Similar presentations
Presented by Nikita Shah 5th IT ( )
Advertisements

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
Presentation by Priyanka Sawarkar
{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 
Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
CCMDB 7.2.
Security Controls – What Works
Information Security Maintenance
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Computer Security: Principles and Practice
Business Intelligence Dr. Mahdi Esmaeili 1. Technical Infrastructure Evaluation Hardware Network Middleware Database Management Systems Tools and Standards.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Asset management guidelines
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Enterprise Architecture
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Module 16: Software Maintenance Using Windows Server Update Services.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Automatically control.
Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Initial slides for Layered Service Architecture
SEC835 Database and Web application security Information Security Architecture.
A Model for Exchanging Vulnerability Information draft-booth-sacm-vuln-model-01 David Waltermire.
Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
NIST Special Publication Revision 1
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.
Event Management & ITIL V3
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
Appendix C: Designing an Operations Framework to Manage Security.
ISS SiteProtector and Internet Scanner LanAdmin Group Meeting 12/8/2005.
SACM Requirements Nancy Cam-Winget March 2014.
Terminology and Use Cases Status Report David Harrington IETF 88 – Nov Security Automation and Continuous Monitoring WG.
Maintaining and Updating Windows Server Monitoring Windows Server It is important to monitor your Server system to make sure it is running smoothly.
Novell Compliance Management Platform Update CMP & CMP Extension for SAP Environments Leo Castro Product Marketing Manager Patrick Gookin.
SACM Scope Discussion IETF-92 Meeting March 23, 2015 Dave Waltermire Adam Montville.
OSLC PLM Workgroup visit URL for terms of usage1 OSLC PLM Workgroup PLM Scenarios Systems Engineering scenario “Systems Engineer Reacts to Changed Requirements”
INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level?
State of Georgia Release Management Training
Introduction to ITSM processes. CONFIDENTIAL Agenda Problem Management  Overview  High Level process Change Management  Overview  High Level process.
WMUG Presents System Center 2012 Configuration Manager Software Updates Management Presented by Robert Marshall MVP ConfigMgr
Asset Summary Reporting draft-davidson-sacm-asr-00 David Waltermire
Changing IT Managing Networks in a New Reality Alex Bakman Founder and CEO Ecora Software.
SACM Vulnerability Assessment Scenario IETF 95 04/05/2016.
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.
Security and resilience for Smart Hospitals Key findings
ITIL: Service Transition
Business process management (BPM)
WSU IT Risk Assessment Process
Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.
Integrated Cyber October 16-17, 2017
Business process management (BPM)
IBM Software Group | Tivoli Brand Software
Use Cases and Requirements for I2NSF_
IS4550 Security Policies and Implementation
SVTRAININGS. SVTRAININGS Features of SCCM  Application management  Provides a set of tools and resources that can help you create, manage, deploy, and.
I have many checklists: how do I get started with cyber security?
TRIP WIRE INTRUSION DETECTION SYSYTEM Presented by.
Coordinated Security Response
Intel Active Management Technology
Henk Birkholz Jarret Lu Nancy Cam-Winget
CMGT/431 INFORMATION SYSTEMS SECURITY The Latest Version // uopcourse.com
CMGT 431 CMGT431 cmgt 431 cmgt431 Entire Course // uopstudy.com
Presentation transcript:

SACM Terminology Nancy Cam-Winget, David Waltermire, March 2014

Current Status Updates in -02 draft – Many new terms are introduced without definitions – Many of the new terms are either no longer used, out of scope, part of a usage scenario definition or already defined in other RFCs

Proposed changes Provide Definitions with appropriate existing RFC references for: – Expected endpoint state – collection task: include its use in terms of “ad hoc” vs. direct – evaluation task : include its use in terms of “ad hoc” vs. direct – Collection guidance – Evaluation guidance – Processing artifact – Asset – Asset characteristics – Asset management – Building block – Endpoint target – Endpoint Discovery – Evaluation result – Security automation – Information model: include RFC 3444 reference

Discussion for proposed changes Do we need definitions for: – Capability – System Resource – Expected state criteria (or should state be part of the information model?) How should we handle different attribute types and states? Change “data collection” references to “posture collection”

Backup Slides

List of terms to Remove acquisition method actor actual endpoint state ad hoc collection task ad hoc evaluation task applicable data collection content Application Appropriate {actor, application, operator} Approved {configuration, endpoint configuration, hardware list, software list} Artifact, artifact age Asset management {data, system} Async compliance assessment Async vulnerability assessment Attack condition Automatable configuration guide definition Automatable configuration guide publication automated checklist verification automated endpoint compliance monitoring Baseline {compliance} Business logic Reference RFC 5209 and remove: -Assessment {criteria, cycle, planning, subset, trigger} -Attribute -Collected posture attribute value -Collection content acquisition -Collection process -Collection request -Collection task -Endpoint {attribute, posture, posture assessment, posture attribute, posture attribute value} -Posture {aspect, attribute, aspect change, attribute, attribute evaluation, attribute identification, attribute value, attribute value collection, attribute value query, evaluation}

List of terms to Remove Candidate endpoint target Change {detection, event, event monitoring, filter, management, management program} Checklist {identification, verification} Client endpoint Compliance assessment cycle Compliance {level, monitoring} Computing platform endpoint Configuration {baseline, data, item, item change, management} Content {change detection, data store, definition, instance, publication, query, repository, retrieval} Criteria Critical vulnerability Current sign of malware infection Data analysis Database mining Define content Desired state {identification} Detection timelines Deviation notification Discovery Endpoint compliance monitory Endpoint component inventory Endpoint {event, identification, information analysis and reporting, metadata} posture attribute value collection endpoint posture change monitoring endpoint posture compliance endpoint posture deviation endpoint posture deviation detection endpoint posture monitoring endpoint {state, target, target identification, type } enterprise {function, function definition, policy, standards} evaluating data evaluation content acquisition evaluation task event-driven notification expected function expected state Function Functional capability immediate detection indicator of compromise industry group information expression malicious {activity, configuration item, hardware, software] malware infection manual endpoint compliance monitoring mobile endpoint monitoring network access control {decision } network {event, infrastructure endpoint, location } network-connection-driven data collection new vulnerability on-demand detection ongoing change-event monitoring ongoing-event-driven endpoint-posture-change monitoring

List of terms to Remove Policy Posture {change, deviation, deviation detection} previously collected {information, posture attribute value, posture attribute value analysis} Process public content Repository publication {metadata, operations} publish content query regulatory authority repository content {identification, retrieval} Result {set } retrieve content Risk {management, management program} scheduled task search criteria secure configuration baseline Security {administrator, posture, process} Server endpoint significant {endpoint event, event} signs of infection state criteria supporting content Whole assessment Workflow trigger Misconfiguration Remediation, software flaw Vulnerability {management} target target endpoint task trigger unauthorized configuration {item, hardware, software } vulnerability {artifact, artifact age, condition, exposure, management, mitigation, remediation} ongoing-event-driven monitoring operational data operations organizational {policy, policy compliance, security posture} patch {change, management} performance condition periodic collection request periodic data collection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.