What about unknown? Or unspecified?
I know the field is currently optional but these might still be valid assignments to the field to convey.
So not including the field is not the same as assigning to undefined/unknown and conveying that.
From:
"cti@lists.oasis-open.org" <
cti@lists.oasis-open.org> on behalf of "Jordan, Bret" <
bret.jordan@bluecoat.com>
Date: Saturday, August 6, 2016 at 9:15 PM
To: "cti@lists.oasis-open.org" <
cti@lists.oasis-open.org>
Subject: [cti] Attack Motivations
All,
Intrusion Sets and Threat Actors both use the Attack Motivations vocabulary. Right now we have the following terms in that vocab:
accidental
coercion
dominance
ideology
notoriety
organizational-gain
personal-gain
personal-satisfaction
revenge
unpredictable
I propose that we add the following thee terms to this list, I missed them when I was putting this list together.
amusement
advantage (competitive, political, economic)
anarchy
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."