Security Automation and

Terminology and Use Cases Status Report

David Harrington

IETF 88
–

Nov 4 2013

Security Automation and

Continuous Monitoring WG

Terminology Document


This document provides common terms used in the
other documents produced by SACM.


Draft
-
dbh
-
sacm
-
terminology accepted as WG draft.


Published as draft
-
ietf
-
sacm
-
terminology
-
00.


-
01
-

Added vulnerability, vulnerability management,
exposure, misconfiguration, and software flaw.

11/4/13

SACM WG IETF 88

2

Use Cases Document


This document provides a sampling of use cases
for
collecting, aggregating, and assessing data
to determine an
organization's security
posture.


From use
cases, we can derive common functional
networking capabilities
and
requirements for IETF
-
related
standards.


The scope of this document is limited to Enterprise
Security Posture Assessment
. Later documents can
address other scopes.


Existing IETF technologies might be suitable to address
some of these functions and requirements.

11/4/13

SACM WG IETF 88

3

Use Cases Status
-
00
-


Since IETF87


Draft
-
waltermire
-
sacm
-
use
-
cases accepted as WG draft
draft
-
ietf
-
sacm
-
use
-
cases
-
00


M
oved terminology section into draft
-
ietf
-
sacm
-
terminology
-
00


Removed requirements (to be put into draft
-
ietf
-
sacm
-
requirements
-
00)

11/4/13

SACM WG IETF 88

4

Use Cases Status
-
01
-


Changed

format of use cases to meet WG consensus


Rewrote section 3 content regarding asset

management to
focus on discrete uses of asset management


Added section 4
-

Functional Capabilities


Removed sections on asset discovery, components,

composition, resources and life cycle


Expanded asset identification, characterization, and de
-
confliction.


Added asset targeting.

11/4/13

SACM WG IETF 88

5

Use Cases Status
-
02
-


Changed

title


Removed section 4
–

this

should go into requirements
document.


Removed list of proposed functional capabilities from
section

3.
1


Removed requirements language


Rewrote the 4 use cases in this document to meet WG
format preferences.

11/4/13

SACM WG IETF 88

6

Use Cases
-
03
-


Expanded “typical workflow” description


Changed use of ambiguous “assessment” to separate
collection and
evaluation processes.


Added 10 use case

contributions.

11/4/13

SACM WG IETF 88

7

Use Cases
-
04
-
.


Added 4 use case

contributions.

11/4/13

SACM WG IETF 88

8

Use Cases in
-
04
-


Definition and Publication of Automatable Configuration
Guides


Automated Checklist Verification


Organizational Software Policy Compliance


Detection of Posture

D
eviations


Search for Signs of Infection


Remediation and Mitigation


Endpoint Information Analysis and Reporting

11/4/13

SACM WG IETF 88

9

Use Cases in
-
04
-


Asynchronous Compliance/Vulnerability Assessment


Vulnerable Endpoint Behavior


Compromised Endpoint Identification


Suspicious Endpoint Behavior


Traditional Endpoint

Assessment with Stored Results


NAC/NAP connection using endpoint evaluator


NAC/NAP connection using third
-
party evaluator

11/4/13

SACM WG IETF 88

10

Use Cases in
-
04
-


Repository Interactions
–

A Full Assessment


Repository Interactions
–

Filtered Data Assessment


Direct Human Retrieval of Ancillary Materials


Register with Repository for Immediate Notification of
New Security Vulnerability Content that Match a
Selection Filter

11/4/13

SACM WG IETF 88

11

Some Use Cases from
-
01
-

not in
-
04
-


NIDS Response


Historical Vulnerability


Source Address Validation


Event Driven Monitoring


Periodic Monitoring


Self
-
monitoring


Do these belong in use cases document?


Are these adequately captured in rewritten use cases?

11/4/13

SACM WG IETF 88

12

Issues


Should use cases be simplified?


Do

use cases need to be simplified?


Goal of use cases is to get user feedback and to have use
cases drive requirements.


Now we need to start extracting requirements wish
-
list.


Are these 18 use cases adequate for driving
requirements?

11/4/13

SACM WG IETF 88

13

Questions?

11/4/13

SACM WG IETF 88

14

Security Automation and

Σχόλια 0

Το κείμενο της παρουσίασης

Electric Power Analytics Consortium

GHANA INFRASTRUCTURE Energy, Water & Transport

An IPv6 Deployment Guide

TCP/IP Tutorial and Technical Overview - Bit-Twist

IPC/WG/22/2, rapport de la 22e session du Groupe de travail ... - WIPO

Network Protocols

OTN & Technologies Work Plan - ITU

Guidelines for the Secure Deployment of IPv6

NIST SP 800-119, Guidelines for the Secure Deployment of IPv6

Network Security Principles and Practices

Migrating to IPv6

06 - Service Transition v1.1x - LABKOM STIKOM Surabaya

Integrated Base Defense Security Systems

WebSphere Application Server V8.5 Concepts, Planning, and Design Guide

CCIE Professional Development Routing TCP IP Volume I 2nd ...

ITU-T Study Group 13 Future networks including mobile and NGN

4 The Grid Service - Open Grid Forum

Επικοινωνία:

Security Automation and

Σχόλια 0

Το κείμενο της παρουσίασης

Περισσότερα από τον χρήστη snowpeaschocolate

Σχετικό Περιεχόμενο