CTI STIX Subcommittee

  • 1.  RFI: MITRE Analysis and Assessment Vocabulary

    Posted 10-23-2015 18:08





    Although relative to the active discussions, I wanted to pull this RFI out of the increasingly bifurcated related threads:


    (1)  MITRE published the following paper in 2013 that some of you may find of value:




    Characterizing Effects on the Cyber Adversary
    A Vocabulary for Analysis and Assessment


    Deborah Bodeau 
    Richard Graubart 


    November 2013





    http://www.mitre.org/sites/default/files/publications/characterizing-effects-cyber-adversary-13-4173.pdf



    Abstract


    This paper presents a vocabulary for stating claims or hypotheses about the effects of cyber mission assurance decisions on cyber adversary behavior. Cyber mission assurance decisions include choices of cyber defender actions,
    architectural decisions, and selections and uses of technologies to improve cyber security, resiliency, and defensibility (i.e., the ability to address ongoing adversary activities). The vocabulary enables claims and hypotheses to be stated clearly, comparably
    across different assumed or real-world environments, and in a way that suggests evidence that might be sought but is independent of how the claims or hypotheses might be evaluated. The vocabulary can be used with multiple modeling and analysis techniques,
    including Red Team analysis, game-theoretic modeling, attack tree and attack graph modeling, and analysis based on the cyber attack lifecycle (also referred to as cyber kill chain analysis or cyber campaign analysis).






    (2)  I've reached out to a couple of MITRE contacts but have been unable to find any additional related papers, reference implementations, and/or schematic representations of the Analysis and Assessment Vocabulary.  I'd welcome a direct reach back if anyone
    has anything related to this work.











    Patrick Maroney
    President
    Integrated Networking Technologies, Inc.
    Office:  (856)983-0001
    Cell:      (609)841-5104










  • 2.  Re: [cti-stix] RFI: MITRE Analysis and Assessment Vocabulary

    Posted 10-31-2015 14:41
    Potentially related to https://github.com/STIXProject/schemas/issues/347

    2015-10-23 21:07 GMT+03:00 Patrick Maroney <Pmaroney@specere.org>:
    > Although relative to the active discussions, I wanted to pull this RFI out
    > of the increasingly bifurcated related threads:
    >
    > (1) MITRE published the following paper in 2013 that some of you may find of
    > value:
    >
    > Characterizing Effects on the Cyber Adversary
    > A Vocabulary for Analysis and Assessment
    >
    > Deborah Bodeau
    > Richard Graubart
    >
    > November 2013
    >
    > http://www.mitre.org/sites/default/files/publications/characterizing-effects-cyber-adversary-13-4173.pdf
    >
    > Abstract
    >
    > This paper presents a vocabulary for stating claims or hypotheses about the
    > effects of cyber mission assurance decisions on cyber adversary behavior.
    > Cyber mission assurance decisions include choices of cyber defender actions,
    > architectural decisions, and selections and uses of technologies to improve
    > cyber security, resiliency, and defensibility (i.e., the ability to address
    > ongoing adversary activities). The vocabulary enables claims and hypotheses
    > to be stated clearly, comparably across different assumed or real-world
    > environments, and in a way that suggests evidence that might be sought but
    > is independent of how the claims or hypotheses might be evaluated. The
    > vocabulary can be used with multiple modeling and analysis techniques,
    > including Red Team analysis, game-theoretic modeling, attack tree and attack
    > graph modeling, and analysis based on the cyber attack lifecycle (also
    > referred to as cyber kill chain analysis or cyber campaign analysis).
    >
    > (2) I've reached out to a couple of MITRE contacts but have been unable to
    > find any additional related papers, reference implementations, and/or
    > schematic representations of the Analysis and Assessment Vocabulary. I'd
    > welcome a direct reach back if anyone has anything related to this work.
    >
    > Patrick Maroney
    > President
    > Integrated Networking Technologies, Inc.
    > Office: (856)983-0001
    > Cell: (609)841-5104