CTI STIX Subcommittee


UML CTI STIX and Conceptual threat/risk models

  • 1.  UML CTI STIX and Conceptual threat/risk models

    Posted 12-14-2015 08:26
    Dear Richard,

    (if time permits...) Your review of the UML diagrams of the OMG mentioned below would be of the highest value.

    Best regards

    2015-11-10 19:57 GMT+03:00 Cory Casanave <cory-c@modeldriven.com>:

    > Oasis/CTI/STIX Stakeholders,
    >
    > As many of you know, we are concurrently working on a specification within the Object Management Group (OMG) for an operational threats and risks model. This effort is related to CTI but has some different goals. The submission team has just released the second draft revision of this specification which we are releasing publicly for comment and community building as it works its way through the OMG process. We expect one more major revision prior to adoption.
    >
    > The focus of this effort is different from CTI in three ways:
    >
    > · It is an “all threats/all risks” model inclusive of cyber and physical. STIX has been and will continue to be a major input into this effort for both general and cyber specific concerns. The intent of this broad scope is the federation of information from and between multiple domains such as Cyber, Critical Infrastructure, Law Enforcement, Emergency Management, Safety Engineering, Terrorist Prevention and others. As such the information for a particular domain is less detailed but more general as it focuses on what would be of interest across these domains and communities as we deal with sophisticated multi-dimensional attacks.
    >
    > · The foundation is a semantic conceptual model in UML, not a data model. Threat/risk defines no new exchange formats but provides the “semantic glue” between the many formats we have in different communities, both standards based and proprietary. This allows for federating and analyzing information from multiple sources as well as translating information between formats.
    >
    > · It brings together the more tactical “situational awareness” perspectives with enterprise and system risk management.
    >
    > Within the threat/risk specification an initial mapping to STIX (1.2 at this time) is included such that STIX information can be comprehended and federated in this way. We hope to utilize the final CTI specifications in the next revision. The other mappings included are NIEM (From the Justice/Public Safety Community) and NIST 800-53. We expect to add others over time, including Oasis EDXL.
    >
    > Many of the concepts and issues we deal with in threat/risk are “front and center” in CTI – we hope to collaborate on working out these ideas.
    >
    > This is a draft specification and input and engagement from the STIX community is welcome. Artifacts are available here:
    >
    > · Specification Document (PDF): http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.pdf
    >
    > · Specification Document (.DOC): http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.doc
    >
    > · Specification .ZIP with all models: http://www.threatrisk.org/spec/RevisedSubmission/Revised%20threat-risk%20Submission%20machine%20readable%20files.zip
    >
    > · Community portal: http://threatrisk.org/drupal/
    >
    > We look forward to working together!
    >
    > The threat/risk submission team.