MISP
/
misp-compliance
mirror of https://github.com/MISP/misp-compliance
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:MISP/misp-compliance

pull/15/head
Alexandre Dulaunoy 2018-04-08 16:11:59 +02:00
parent 1b54b81656 ed2535f9b4
commit 13ce45a64a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md
View File

@ -279,7 +279,7 @@ MISP has asset management tools build into it. For example, taxonomies can be us
<li><a href="https://www.misp-project.org/taxonomies.html#_analyst_assessment"> The analyst experience taxonomy</a> can be used to assess the credibility of an analysis of an event.</li>
<li>The <a href="https://www.misp-project.org/taxonomies.html#_estimative_language">likelihood-probability</a> taxonomy can also be used to measure the credibility of an event.</li>
<li><a href="http://www.misp-project.org/features.html">The correlation feature and sightings</a> can also help assessing the credibility of an event.</li>
<li><a href="https://www.circl.lu/doc/misp/administration/#whitelisting-an-address">Whitelist</a> and <a href="https://github.com/MISP/misp-warninglists">Warning lists</a> improve false positive detection</li>
<li><a href="https://www.circl.lu/doc/misp/administration/#whitelisting-an-address">Whitelist</a> and <a href="https://github.com/MISP/misp-warninglists">Warning lists</a> improve false positive detection.</li>
</ul>
</td>
</tr>
@ -296,6 +296,8 @@ MISP has asset management tools build into it. For example, taxonomies can be us
<td>
<ul>
<li><a href="https://www.circl.lu/doc/misp/create-event-report/">"Threat Level" of a MISP event</a> indicates the level of criticality.</li>
<li>The <a href="https://www.misp-project.org/taxonomies.html#_impact_overall_rating">impact overall rating</a> taxonomy.</li>
<li>The <a href="https://www.misp-project.org/taxonomies.html#_victim_employee_count">victims employee count</a> taxonomy.</li>
</ul>
</td>
</tr>
@ -330,7 +332,8 @@ MISP has asset management tools build into it. For example, taxonomies can be us
<td><b>Sensitivity reduction</b> (8.4.4)</td>
<td>
<ul>
<li>In MISP, there is no taxonomy or specific field in the data model regarding sensitivity reduction. However, at any point in time, the originator of the event can change the TLP or the sharing model of an event for example.</li>
<li>Sightings in MISP can be used to evaluate the value of an attribute over time. Especially sightings of type <a href="http://www.misp.software/2017/02/16/Sighting-The-Next-Level.html">"Expiration"</a> can be added to an attribute to indicate that the attribute has lost value (e.g. URLs which have been cleaned after some time).</li>
<li>The MISP <a href="https://www.misp-project.org/taxonomies.html#_infrastructure_state">infrastructure-state taxonomy</a> can also indicate if the adversary infrastructure at the event or attribute level is still active or is down.</li>
</ul>
</td>
</tr>

9
README.md
View File

@ -6,16 +6,13 @@ This repository is a collaborative effort to improve the state of information sh
## Information sharing and cooperation enabled by GDPR
The General Data Protection Regulation (GDPR) aims to reduce legal uncertainty and limit the interpretations by setting out clear rules and conditions for the processing and sharing of personal data as well as t
he protection of natural persons with regard to the processing of personal data. Organisations must ensure that, they process only the minimum amount of personal data necessary to achieve their lawful processing
purposes. To this end, the GDPR distinguishes the roles and obligations of data processors and data controllers, provides precise definitions of personal data and establishes the conditions under which informat
ion can be shared.
The General Data Protection Regulation (GDPR) aims to reduce legal uncertainty and limits the interpretations by setting out clear rules and conditions for the processing and sharing of personal data as well as the protection of natural persons with regard to the processing of personal data. Organisations must ensure that they process only the minimum amount of personal data necessary to achieve their lawful processing purposes. To this end, the GDPR distinguishes the roles and obligations of data processors and data controllers, provides precise definitions of personal data and establishes the conditions under which information can be shared.
National and governmental Computer Security Incident Response Team (n/g CSIRTs) are teams that serve the government of a country by helping with Critical Information Infrastructure Protection (CIIP). They coordinate incident management with the relevant stakeholders at national level, and cooperate with the national and governmental teams in other countries.
The [Malware Information Sharing and Threat Intelligence Sharing Platform (MISP)](https://www.misp-project.org/) is a software for sharing, storing and correlating indicators of compromise of targeted attacks, cybersecurity threats and financial fraud indicators, among which SHA1 hashes (a cryptographic function to fingerprint files), threat actor names and Bitcoin addresses. The MISP data model is composed of "events", which usually represent threats or incidents, which in turn are composed of a list of "attributes" (e.g. IP addresses, domain names etc..). Other data models exist in MISP such as "objects", which allow advanced combinations of attributes and "galaxies" which enable a deeper analysis and categorisation of events.
The [Malware Information Sharing and Threat Intelligence Sharing Platform (MISP)](https://www.misp-project.org/) is a software for sharing, storing and correlating indicators of compromise of targeted attacks, cybersecurity threats and financial fraud indicators, among which SHA1 hashes (a cryptographic function to fingerprint files), threat actor names and Bitcoin addresses. The MISP data model is composed of "events", which usually represent threats or incidents, which in turn are composed of a list of "attributes" (e.g. IP addresses, domain names etc..). Other data models exist in MISP such as "objects", which allow advanced combinations of attributes and "galaxies" which enable a deeper analysis and categorisation of events.
Information sharing communities are enabled using tools like MISP. As a Computer Security Incident Response Team for the private sector communes and non-governmental entities in Luxembourg, [CIRCL](https://www.circl.lu/) created and operates several communities to automate information sharing at national, European and international levels.
Information sharing communities are enabled using tools like MISP. As a Computer Security Incident Response Team for the private sector communes and non-governmental entities in Luxembourg, [CIRCL](https://www.circl.lu/) has created and operates several communities to automate information sharing at national, European and international levels.
- [Document in Markdown format](./GDPR/information_sharing_and_cooperation_gdpr.md)