added first version of nis taxonomies

pull/107/head
iglocska 2018-07-18 15:04:04 +02:00
parent 6424d797e5
commit 9d70038030
5 changed files with 296 additions and 0 deletions

49
nis-impact/README.md Normal file
View File

@ -0,0 +1,49 @@
# Admiralty Scale
The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and
the credibility of an information.
## Source Reliability
<dl>
<dt>A</dt>
<dd>Completely reliable</dd>
<dt>B</dt>
<dd>Usually reliable<dd>
<dt>C</dt>
<dd>Fairly reliable </dd>
<dt>D</dt>
<dd>Not usually reliable</dd>
<dt>E</dt>
<dd>Unreliable</dd>
<dt>F<dt>
<dd>Reliability cannot be judged</dd>
</dl>
## Information Credibility
<dl>
<dt>1</dt>
<dd>Confirmed by other sources</dd>
<dt>2</dt>
<dd>Probably true</dd>
<dt>3</dt>
<dd>Possibly true</dd>
<dt>4</dt>
<dd>Doubtful</dd>
<dt>5</dt>
<dd>Improbable</dd>
<dt>6</dt>
<dd>Truth cannot be judged</dd>
</dl>
# Machine-parsable Admiralty Scale
The repository contains a [JSON file including the machine-parsable tags](machinetag.json)
along with their human-readable description. The software can use both
representation on the user-interface and store the tag as machine-parsable.
~~~~
admiralty-scale:source-reliability="b"
~~~~

129
nis-impact/machinetag.json Executable file
View File

@ -0,0 +1,129 @@
{
"namespace": "nis-impact",
"description": "This taxonomy is used to classify the impact of the incident, i.e. the impact it has on services, in which sector(s) of the economy and society.",
"version": 1,
"predicates": [
{
"value": "sectors-impacted",
"expanded": "Sectors impacted",
"description": "The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services."
},
{
"value": "severity",
"expanded": "Severity of the impact",
"description": "The severity of the impact, nationally, in the real world, for society and/or the economy, i.e. the level of disruption for the country or a large region of the country, the level of risks for health and/or safety, the level of physical damages and/or financial costs."
},
{
"value": "outlook",
"expanded": "Outlook",
"description": "The outlook for the incident, the prognosis, for the coming hours, considering the impact in the real world, the impact on services, for the society and/or the economy"
}
],
"values": [
{
"predicate": "sectors-impacted",
"entry": [
{
"value": "energy",
"expanded": "Energy",
"description": "The impact is in the Energy sector and its subsectors such as electricity, oil, or gas, for example, impacting electricity suppliers, power plants, distribution system operators, transmission system operators, oil transmission, natural gas distribution, etc."
},
{
"value": "transport",
"expanded": "Transport",
"description": "The impact is in the transport sector and subsectors such as air, rail, water, road, for example, impacting air traffic control systems, railway companies, maritime port authorities, road traffic management systems, etc."
},
{
"value": "banking",
"expanded": "Banking",
"description": "The impact is in the Banking sector, for example impacting banks, online banking, credit services, payment services, etc."
},
{
"value": "financial",
"expanded": "Financial",
"description": "The impact is in the Financial market infrastructure sector, for example, impacting traders, trading platforms, clearing services, etc."
},
{
"value": "health",
"expanded": "Health",
"description": "The impact is in the Health sector, for example, impacting hospitals, medical devices, medicine supply, pharmacies, etc."
},
{
"value": "drinking-water",
"expanded": "Drinking water",
"description": "The impact is in the Drinking water supply and distribution sector, for example impacting drinking water supply, drinking water distribution systems, etc."
},
{
"value": "digital-infrastructure",
"expanded": "Digital infrastructure",
"description": "The impact is in the Digital infrastructure sector, for example impacting internet exchange points, domain name systems, top level domain registries, etc."
},
{
"value": "communications",
"expanded": "Communications",
"description": "The impact is in the Electronic communications sector, for example,impacting mobile network services, fixed telephone lines, satellite communications, etc."
},
{
"value": "digital-services",
"expanded": "Digital services",
"description": "The impact is in the digital services sector, for example, impacting cloud services, online market places, online search engines, etc."
},
{
"value": "trust-and-identification-services",
"expanded": "Trust and identification services",
"description": "The impact is in the electronic trust and identification services, for example, impacting certificate authorities, electronic identity systems, smartcards, etc."
},
{
"value": "government",
"expanded": "Government",
"description": "The impact is in the government sector, for example, impacting the functioning of public administrations, elections, or emergency services"
}
]
},
{
"predicate": "severity",
"entry": [
{
"value": "red",
"expanded": "Red",
"description": "Very large impact"
},
{
"value": "yellow",
"expanded": "Yellow",
"description": "Large impact."
},
{
"value": "green",
"expanded": "Green",
"description": "Minor impact."
},
{
"value": "white",
"expanded": "White",
"description": "No impact."
}
]
},
{
"predicate": "outlook",
"entry": [
{
"value": "improving",
"expanded": "Improving",
"description": "Severity of impact is expected to decrease in the next 6 hours."
},
{
"value": "stable",
"expanded": "Stable",
"description": "Severity of impact is expected to remain the same in the 6 hours."
},
{
"value": "worsening",
"expanded": "Worsening",
"description": "Severity of impact is expected to increase in the next 6 hours."
}
]
}
]
}

Binary file not shown.

49
nis-nature/README.md Normal file
View File

@ -0,0 +1,49 @@
# Admiralty Scale
The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and
the credibility of an information.
## Source Reliability
<dl>
<dt>A</dt>
<dd>Completely reliable</dd>
<dt>B</dt>
<dd>Usually reliable<dd>
<dt>C</dt>
<dd>Fairly reliable </dd>
<dt>D</dt>
<dd>Not usually reliable</dd>
<dt>E</dt>
<dd>Unreliable</dd>
<dt>F<dt>
<dd>Reliability cannot be judged</dd>
</dl>
## Information Credibility
<dl>
<dt>1</dt>
<dd>Confirmed by other sources</dd>
<dt>2</dt>
<dd>Probably true</dd>
<dt>3</dt>
<dd>Possibly true</dd>
<dt>4</dt>
<dd>Doubtful</dd>
<dt>5</dt>
<dd>Improbable</dd>
<dt>6</dt>
<dd>Truth cannot be judged</dd>
</dl>
# Machine-parsable Admiralty Scale
The repository contains a [JSON file including the machine-parsable tags](machinetag.json)
along with their human-readable description. The software can use both
representation on the user-interface and store the tag as machine-parsable.
~~~~
admiralty-scale:source-reliability="b"
~~~~

69
nis-nature/machinetag.json Executable file
View File

@ -0,0 +1,69 @@
{
"namespace": "nis-nature",
"description": "This taxonomy is used to classify the nature of the incident, i.e. the type of threat that triggered the incident, the severity of that threat.",
"version": 1,
"predicates": [
{
"value": "root-cause",
"expanded": "Root cause category",
"description": "The Root cause category is used to indicate what type event or threat triggered the incident."
},
{
"value": "severity",
"expanded": "Severity of the threat",
"description": "The severity of the threat is used to indicate, from a technical perspective, the potential impact, the risk associated with the threat. For example, the severity is high if an upcoming storm is exceptionally strong, if an observed DDoS attack is exceptionally powerful, or if a software vulnerability is easily exploited and present in many different systems. For example, in certain situations a critical software vulnerability would require concerted and urgent work by different organizations."
}
],
"values": [
{
"predicate": "root-cause",
"entry": [
{
"value": "system-failures",
"expanded": "System failures",
"description": "The incident is due to a failure of a system, i.e. without external causes. For example a hardware failure, software bug, a flaw in a procedure, etc. triggered the incident."
},
{
"value": "natural-phenomena",
"expanded": "Natural phenomena",
"description": "The incident is due to a natural phenomenon. For example a storm, lightning, solar flare, flood, earthquake, wildfire, etc. triggered the incident."
},
{
"value": "human-errors",
"expanded": "Human errors",
"description": "The incident is due to a human error, i.e. system worked correctly, but was used wrong. For example, a mistake, or carelessness triggered the incident."
},
{
"value": "malicious-actions",
"expanded": "Malicious actions",
"description": "The incident is due to a malicious action. For example, a cyber-attack or physical attack, vandalism, sabotage, insider attack, theft, etc., triggered the incident."
},
{
"value": "third-party-failures",
"expanded": "Third party failures",
"description": "The incident is due to a disruption of a third party service, like a utility. For example a power cut, or an internet outage, etc. triggered the incident."
}
]
},
{
"predicate": "severity",
"entry": [
{
"value": "high",
"expanded": "High",
"description": "High severity, potential impact is high."
},
{
"value": "medium",
"expanded": "Medium",
"description": "Medium severity, potential impact is medium."
},
{
"value": "high",
"expanded": "High",
"description": "Low severity, potential impact is low."
}
]
}
]
}