I hope I can get some help here. I am tasked with aligning my SOC's reporting process/procedures/taxonomy with the new US-CERT guidelines. Working on this task has revealed some concerns with the SOP(s) currently in place, and I'm trying to come up with a good solution that fulfills the goals dictated to me by my leadership. To that end, I have a few questions. Disclaimer: I am not, by training, a Security Analyst (I am a computer forensics analyst); thus, I am on the DF side of the DFIR community, so my questions may seem a bit misguided or naive. I apologize if that is the case. That being said, on to the questions:
1) Has anyone in the community come up with an (at least semi-concrete) set of high-level classifications for most of the cyber attacks the security community deals with on a regular basis? For example, I've seen lists of cyber threats that include the following different categories:
I would put those into the top-level category of "email-based attacks".
I would put those into the top-level category of "malware".
Hopefully you get the idea.
2a) This question is more one of curiosity. How are people reacting to the new US-CERT guidelines? I understand why US-CERT is doing it (better metrics), but why take the attack descriptors (as outlined in NIST 800-61) and make them "hard and fast" categories? NIST specifically recommends against doing that in 800-61. Why didn't US-CERT merely say, for example: "Starting on date xx/yy/zzzz, in addition to reporting incidents using the legacy incident reporting category system (i.e. CAT 0-6), please qualify the incident using the RIFT Coding (my nomenclature: Recoverability Impact, Information Impact, Functionality Impact and Threat Vector) System."
2b) What are people doing to reconcile the CAT 0-6 system with the new US-CERT reporting system?
Jan 8th 2015