Terminology and Use Cases Status Report David Harrington IETF 88 – Nov 4 2013 Security Automation and Continuous Monitoring WG.

Slides:

Advertisements

Similar presentations

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.

Advertisements

What’s New for 2013 Steve Allen CEO, iDatix Corproation.

presents from anywhere… to anywhere… in any format.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM IETF-92 Meeting March 23 and 27, 2015 Dan Romascanu Adam Montville.

IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Business process management (BPM) Petra Popovičová.

Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00

ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.

What is Business Analysis Planning & Monitoring?

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

Transforming the Way We Work Logistics Community of Practice Jill Garcia Defense Acquisition University 14 July 2006.

HIPAA COMPLIANCE WITH DELL

A Model for Exchanging Vulnerability Information draft-booth-sacm-vuln-model-01 David Waltermire.

Windows 2000 Security Policies & Practices: How to build your plan Mandy Andress, CISSP President ArcSec Technologies.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 Planning for TR#2 Second Edition Long Beach Meeting April 28, 2004.

David N. Wozei Systems Administrator, IT Auditor.

9/14/2012ISC329 Isabelle Bichindaritz1 Database System Life Cycle.

ETICS2 All Hands Meeting VEGA GmbH INFSOM-RI Uwe Mueller-Wilm Palermo, Oct ETICS Service Management Framework Business Objectives and “Best.

7-Oct-15 System Auditing. AUDITING Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Systems Design Approaches The Waterfall vs. Iterative Methodologies.

1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.

ISO 9001:2008 to ISO 9001:2015 Summary of Changes

Page 1 WWRF Briefing WG2-br2 · Kellerer/Arbanowski · · 03/2005 · WWRF13, Korea Stefan Arbanowski, Olaf Droegehorn, Wolfgang.

SACM Requirements Nancy Cam-Winget March 2014.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.

Evaluation Proposal Defense Observations and Suggestions Yibeltal Kiflie August 2009.

SACM Scope Discussion IETF-92 Meeting March 23, 2015 Dave Waltermire Adam Montville.

Create Content Capture Content Review Content Edit Content Version Content Version Content Translate Content Translate Content Format Content Transform.

Digital Libraries1 David Rashty. Digital Libraries2 “A library is an arsenal of liberty” Anonymous.

Consultative process for finalizing the Guidance Document to facilitate the implementation of the clearing-house mechanism regional and national nodes.

Metadata By N.Gopinath AP/CSE Metadata and it’s role in the lifecycle. The collection, maintenance, and deployment of metadata Metadata and tool integration.

1 Pioneer Investments Legal and Compliance System Assessment Weekly Status Update June 23, 2005.

A Framework for Session Initiation Protocol User Agent Profile Delivery (draft-ietf-sipping-config-framework-11) SIPPING – IETF 68 Mar 19, 2007 Sumanth.

Moving towards an IRS WG Charter Ross Callon IETF 85, Atlanta.

NFV Configuration Problem Statements Haibin Song Georgios Karagiannis

Netconf Schema Query Mark Scott IETF 70 Vancouver December 2007

and LMAP liaison Document Number: IEEE R0 Date Submitted: Source: Antonio BovoVoice:

Asset Summary Reporting draft-davidson-sacm-asr-00 David Waltermire

Proposed SACM Architecture Ad-hoc SACM Arch team July 2014.

Department of Computer Science Introduction to Information Security Chapter 8 ISO/IEC Semester 1.

SACM Vulnerability Assessment Scenario IETF 95 04/05/2016.

Business process management (BPM)

Critical Security Controls

SACM Virtual Interim Meeting

Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.

Kumiko Ono End-to-middle Security in SIP draft-ietf-sipping-e2m-sec-reqs-04 draft-ono-sipping-end2middle-security-03 Kumiko Ono.

Business process management (BPM)

Configuration Management and Prince2

Nancy Cam-Winget June 2015 SACM Requirements Nancy Cam-Winget June 2015.

SACM Virtual Interim Meeting

Week Thirteen – Continuous Auditing/CAATs and QA/QC

Week Thirteen – CAATs & Continuous Auditing

Software Measurement Process ISO/IEC

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Requirements for Client-facing Interface to Security controller draft-ietf-i2nsf-client-facing-interface-req-02 Rakesh Kumar Juniper networks.

Transmitted by the expert from ISO

QG Vulnerability Management Module

Henk Birkholz Jarret Lu Nancy Cam-Winget

Presentation transcript:

Terminology and Use Cases Status Report David Harrington IETF 88 – Nov Security Automation and Continuous Monitoring WG

Terminology Document  This document provides common terms used in the other documents produced by SACM.  Draft-dbh-sacm-terminology accepted as WG draft.  Published as draft-ietf-sacm-terminology-00.  -01- Added vulnerability, vulnerability management, exposure, misconfiguration, and software flaw. 11/4/13SACM WG IETF 882

Use Cases Document  This document provides a sampling of use cases for collecting, aggregating, and assessing data to determine an organization's security posture.  From use cases, we can derive common functional networking capabilities and requirements for IETF-related standards.  The scope of this document is limited to Enterprise Security Posture Assessment. Later documents can address other scopes.  Existing IETF technologies might be suitable to address some of these functions and requirements. 11/4/13SACM WG IETF 883

Use Cases Status -00-  Since IETF87  Draft-waltermire-sacm-use-cases accepted as WG draft draft-ietf-sacm-use-cases-00  Moved terminology section into draft-ietf-sacm- terminology-00  Removed requirements (to be put into draft-ietf-sacm- requirements-00) 11/4/13SACM WG IETF 884

Use Cases Status -01-  Changed format of use cases to meet WG consensus  Rewrote section 3 content regarding asset management to focus on discrete uses of asset management  Added section 4 - Functional Capabilities  Removed sections on asset discovery, components, composition, resources and life cycle  Expanded asset identification, characterization, and de- confliction.  Added asset targeting. 11/4/13SACM WG IETF 885

Use Cases Status -02-  Changed title  Removed section 4 – this should go into requirements document.  Removed list of proposed functional capabilities from section 3.1  Removed requirements language  Rewrote the 4 use cases in this document to meet WG format preferences. 11/4/13SACM WG IETF 886

Use Cases -03-  Expanded “typical workflow” description  Changed use of ambiguous “assessment” to separate collection and evaluation processes.  Added 10 use case contributions. 11/4/13SACM WG IETF 887

Use Cases  Added 4 use case contributions. 11/4/13SACM WG IETF 888

Use Cases in -04-  Definition and Publication of Automatable Configuration Guides  Automated Checklist Verification  Organizational Software Policy Compliance  Detection of Posture Deviations  Search for Signs of Infection  Remediation and Mitigation  Endpoint Information Analysis and Reporting 11/4/13SACM WG IETF 889

Use Cases in -04-  Asynchronous Compliance/Vulnerability Assessment  Vulnerable Endpoint Behavior  Compromised Endpoint Identification  Suspicious Endpoint Behavior  Traditional Endpoint Assessment with Stored Results  NAC/NAP connection using endpoint evaluator  NAC/NAP connection using third-party evaluator 11/4/13SACM WG IETF 8810

Use Cases in -04-  Repository Interactions – A Full Assessment  Repository Interactions – Filtered Data Assessment  Direct Human Retrieval of Ancillary Materials  Register with Repository for Immediate Notification of New Security Vulnerability Content that Match a Selection Filter 11/4/13SACM WG IETF 8811

Some Use Cases from -01- not in -04-  NIDS Response  Historical Vulnerability  Source Address Validation  Event Driven Monitoring  Periodic Monitoring  Self-monitoring  Do these belong in use cases document?  Are these adequately captured in rewritten use cases? 11/4/13SACM WG IETF 8812

Issues  Should use cases be simplified?  Do use cases need to be simplified?  Goal of use cases is to get user feedback and to have use cases drive requirements.  Now we need to start extracting requirements wish-list.  Are these 18 use cases adequate for driving requirements? 11/4/13SACM WG IETF 8813

Questions? 11/4/13SACM WG IETF 8814