From cb7514d2ccbfa758da91074020764297e1264757 Mon Sep 17 00:00:00 2001 From: Schneider Date: Thu, 22 Mar 2018 10:08:03 +0100 Subject: [PATCH 1/3] Additional taxonomies and feature for "Criticality" and "Sensitivity reduction" --- .../misp-sharing-information-following-ISO-IEC-27010.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md b/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md index fb3f94a..87371b6 100644 --- a/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md +++ b/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md @@ -278,7 +278,7 @@ MISP has asset management tools build into it. For example, taxonomies can be us
  • The analyst experience taxonomy can be used to assess the credibility of an analysis of an event.
  • The likelihood-probability taxonomy can also be used to measure the credibility of an event.
  • The correlation feature and sightings can also help assessing the credibility of an event.
  • -
  • Whitelist and Warning lists improve false positive detection
  • +
  • Whitelist and Warning lists improve false positive detection.
  • @@ -295,6 +295,8 @@ MISP has asset management tools build into it. For example, taxonomies can be us @@ -329,7 +331,7 @@ MISP has asset management tools build into it. For example, taxonomies can be us Sensitivity reduction (8.4.4) From 675ff2b113c56c837f74a2ed535186040ba975eb Mon Sep 17 00:00:00 2001 From: remg427 Date: Sun, 25 Mar 2018 22:40:25 +0200 Subject: [PATCH 2/3] Update README.md --- README.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fd54cfd..973053f 100644 --- a/README.md +++ b/README.md 
@@ -6,16 +6,13 @@ This repository is a collaborative effort to improve the state of information sh ## Information sharing and cooperation enabled by GDPR -The General Data Protection Regulation (GDPR) aims to reduce legal uncertainty and limit the interpretations by setting out clear rules and conditions for the processing and sharing of personal data as well as t -he protection of natural persons with regard to the processing of personal data. Organisations must ensure that, they process only the minimum amount of personal data necessary to achieve their lawful processing - purposes. To this end, the GDPR distinguishes the roles and obligations of data processors and data controllers, provides precise definitions of personal data and establishes the conditions under which informat - ion can be shared. +The General Data Protection Regulation (GDPR) aims to reduce legal uncertainty and limits the interpretations by setting out clear rules and conditions for the processing and sharing of personal data as well as the protection of natural persons with regard to the processing of personal data. Organisations must ensure that they process only the minimum amount of personal data necessary to achieve their lawful processing purposes. To this end, the GDPR distinguishes the roles and obligations of data processors and data controllers, provides precise definitions of personal data and establishes the conditions under which information can be shared. National and governmental Computer Security Incident Response Team (n/g CSIRTs) are teams that serve the government of a country by helping with Critical Information Infrastructure Protection (CIIP). They coordinate incident management with the relevant stakeholders at national level, and cooperate with the national and governmental teams in other countries. 
- The [Malware Information Sharing and Threat Intelligence Sharing Platform (MISP)](https://www.misp-project.org/) is a software for sharing, storing and correlating indicators of compromise of targeted attacks, cybersecurity threats and financial fraud indicators, among which SHA1 hashes (a cryptographic function to fingerprint files), threat actor names and Bitcoin addresses. The MISP data model is composed of "events", which usually represent threats or incidents, which in turn are composed of a list of "attributes" (e.g. IP addresses, domain names etc..). Other data models exist in MISP such as "objects", which allow advanced combinations of attributes and "galaxies" which enable a deeper analysis and categorisation of events. +The [Malware Information Sharing and Threat Intelligence Sharing Platform (MISP)](https://www.misp-project.org/) is a software for sharing, storing and correlating indicators of compromise of targeted attacks, cybersecurity threats and financial fraud indicators, among which SHA1 hashes (a cryptographic function to fingerprint files), threat actor names and Bitcoin addresses. The MISP data model is composed of "events", which usually represent threats or incidents, which in turn are composed of a list of "attributes" (e.g. IP addresses, domain names etc..). Other data models exist in MISP such as "objects", which allow advanced combinations of attributes and "galaxies" which enable a deeper analysis and categorisation of events. -Information sharing communities are enabled using tools like MISP. As a Computer Security Incident Response Team for the private sector communes and non-governmental entities in Luxembourg, [CIRCL](https://www.circl.lu/) created and operates several communities to automate information sharing at national, European and international levels. +Information sharing communities are enabled using tools like MISP. 
As a Computer Security Incident Response Team for the private sector communes and non-governmental entities in Luxembourg, [CIRCL](https://www.circl.lu/) has created and operates several communities to automate information sharing at national, European and international levels. - [Document in Markdown format](./GDPR/information_sharing_and_cooperation_gdpr.md) From 597320374e813724143fca1d6989e2e046db1ebb Mon Sep 17 00:00:00 2001 From: circlsupportuser Date: Mon, 26 Mar 2018 16:44:16 +0200 Subject: [PATCH 3/3] Add taxonomy "infrastructure-state" for "Sensitivity reduction" requirement --- .../misp-sharing-information-following-ISO-IEC-27010.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md b/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md index 27c33d5..aff173b 100644 --- a/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md +++ b/ISO_IEC_27010/misp-sharing-information-following-ISO-IEC-27010.md @@ -333,6 +333,7 @@ MISP has asset management tools build into it. For example, taxonomies can be us
    • Sightings in MISP can be used to evaluate the value of an attribute over time. Especially sightings of type "Expiration" can be added to an attribute to indicate that the attribute has lost value (e.g. URLs which have been cleaned after some time).
    • +
    • The MISP infrastructure-state taxonomy can also indicate if the adversary infrastructure at the event or attribute level is still active or is down.
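Review bot: In PATCH 1/3, hunk `@@ -278,7 +278,7 @@`, the changed bullet only gains a full stop, while "Whitelist and Warning lists improve false positive detection." still has inconsistent capitalisation and does not say how the lists help. Something like "Whitelists and warning lists help detect false positives." would read more clearly. Since this is a wording cleanup, the same commit could also fix "help assessing" to "help assess" in the context bullet above and "tools build into it" to "tools built into it" in the sentence shown in the hunk header.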
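Review bot: In PATCH 2/3 (README.md, hunk `@@ -6,16 +6,13 @@`), the rewritten GDPR sentence breaks its parallel structure: "aims to reduce legal uncertainty and limits the interpretations" should stay "aims to reduce legal uncertainty and limit the interpretations", as in the removed line. The removed and added versions of the MISP paragraph look identical as shown, so that part appears to be a whitespace-only change; if the paragraph is being touched anyway, "etc.." and "is a software" could be cleaned up in the same pass. The comma removal in "must ensure that they process" and the change to "has created and operates" read fine.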
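Review bot: In PATCH 3/3, hunk `@@ -333,6 +333,7 @@`, the added bullet is ambiguous in "the adversary infrastructure at the event or attribute level": it is the tag that is applied at the event or attribute level, not the infrastructure. Suggest "Tags from the MISP infrastructure-state taxonomy, applied at the event or attribute level, can also indicate whether the adversary infrastructure is still active or is down." The bullet also does not say how this serves the "Sensitivity reduction" requirement named in the commit subject; the preceding sightings bullet ties its feature to an attribute losing value over time, and a similar closing clause here would make the link explicit.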