TERENA'S Incident Object Description and Exchange Format Requirements

Arvidsson, J.; Cormack, Alastair N.; Demchenko, Yuri; Meijer, J.J.C.

doi:10.17487/rfc3067

Cited by 14 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This, off course, implies a secure channel and a protocol for the communication. Today, cfengine offers a framework for the communication, and there is also research going on to define a standard format for intrusion detection (Intrusion Detection Message Exchange Format -IDMEF) [7].…”

Section: Discussionmentioning

confidence: 99%

A Scaled, Immunological Approach to Anomaly Countermeasures

Begnum

Burgess

2003

Integrated Network Management VIII

View full text Add to dashboard Cite

We discuss the combination of two anomaly detection models, the Linux kernel module pH and cfengine, in order to create a multi-scaled approach to computer anomaly detection with automated response. By examining the time-average data from pH, we find the two systems to be conceptually complementary and to have compatible data models. Based on these findings, we build a simple prototype system and comment on how the same model could be extended to include other anomaly detection mechanisms.

show abstract

Section: Discussionmentioning

confidence: 99%

A Scaled, Immunological Approach to Anomaly Countermeasures

Begnum

Burgess

2003

Integrated Network Management VIII

View full text Add to dashboard Cite

show abstract

“…• eCIRT.net Incident Taxonomy (Stikvoort et al, 2015): supersedes the older taxonomy classification by Arvidsson, Cormack, Demchenko and Meijer (2001) and defines incident taxonomy via 11 main classifications (with sub-classifications) and guides teams towards configuration of information Teams (FIRST) protocol that provides an intuitive schema for indicating when and how sensitive information is shared, facilitating effective collaboration (FIRST, 2016). E-mail subjects and document headers/footers must be labelled as follows when shared between entities:…”

Section: Incident Management Standards Maturity Standardsmentioning

confidence: 99%

Best Practices for Establishment of a National Information Security Incident Management Capability (ISIMC)

Pretorius

Ngejane

2019

Afr. j. inf. commun. (Online)

View full text Add to dashboard Cite

The South African Government's National Cybersecurity Policy Framework (NCPF) of 2012 provides for the establishment of a national computer security incident response team (CSIRT) in the form of the National Cybersecurity Hubmore correctly referred to as an information security incident management capability (ISIMC). Among other things, the National Cybersecurity Hub is mandated to serve as a high-level national ISIMC that works in collaboration with sector ISIMCs to improve South Africa's critical infrastructure security. In this article, we identify standards, policies, procedures and best practices regarding the establishment of ISIMCs, and we provide recommendations for South Africa's deployment of an ISIMC collaboration network.

show abstract

“…Per [RFC3067], an attack is "an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. "…”

Section: Threats and Attacksmentioning

confidence: 99%