CHAPTER 8

USING A COMMON LANGUAGE FOR COMPUTER SECURITY INCIDENT INFORMATION

John D. Howard

8.1 INTRODUCTION

8.2 WHY A COMMON LANGUAGE IS NEEDED

8.3 DEVELOPMENT OF THE COMMON LANGUAGE

8.4 COMPUTER SECURITY INCIDENT INFORMATION TAXONOMY

8.4.1 Events

8.4.2 Attacks

8.4.3 Full Incident Information Taxonomy

8.5 ADDITIONAL INCIDENT INFORMATION TERMS

8.5.1 Success and Failure

8.5.2 Site and Site Name

8.5.3 Other Incident Terms

8.6 HOW TO USE THE COMMON LANGUAGE

8.7 NOTES

8.1 INTRODUCTION.

A computer security incident is some set of events that involves an attack or series of attacks at one or more sites. (See Section 8.4.3 for a more formal definition of the term “incident.”) Dealing with these incidents is inevitable for individuals and organizations at all levels of computer security. A major part of dealing with these incidents is recording and receiving incident information, which almost always arrives in the form of relatively unstructured text files. Over time, these files can end up containing a large quantity of very valuable information. Unfortunately, this unstructured form often makes the incident information difficult to manage and use.

This chapter presents the results of several efforts over the last few years to develop and propose a method for handling these unstructured computer security incident records. Specifically, this chapter presents a tool designed to help individuals and organizations record, understand, and share computer security incident information. ...
