ITU-T X 1500 AMD 2-2012 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques (Study Group 17)《网络安全信息交换综述 修改件2.pdf

上传人:postpastor181 文档编号:804692 上传时间:2019-02-04 格式:PDF 页数:18 大小:96.41KB
下载 相关 举报
ITU-T X 1500 AMD 2-2012 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques (Study Group 17)《网络安全信息交换综述 修改件2.pdf_第1页
第1页 / 共18页
ITU-T X 1500 AMD 2-2012 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques (Study Group 17)《网络安全信息交换综述 修改件2.pdf_第2页
第2页 / 共18页
ITU-T X 1500 AMD 2-2012 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques (Study Group 17)《网络安全信息交换综述 修改件2.pdf_第3页
第3页 / 共18页
ITU-T X 1500 AMD 2-2012 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques (Study Group 17)《网络安全信息交换综述 修改件2.pdf_第4页
第4页 / 共18页
ITU-T X 1500 AMD 2-2012 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques (Study Group 17)《网络安全信息交换综述 修改件2.pdf_第5页
第5页 / 共18页
点击查看更多>>
资源描述

1、 International Telecommunication Union ITU-T X.1500TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Amendment 2(09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange Overview of cybersecurity Overview of cybersecurity information exchange Amendme

2、nt 2: Revised structured cybersecurity information exchange techniques Recommendation ITU-T X.1500 (2011) Amendment 2 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWO

3、RKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029

4、 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security

5、 X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1

6、339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured e

7、xchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1500 (2011)/Amd.2 (09/2012) i Recommendation ITU-T X.1500 Overview of cybersecurity information exchange Amendment 2 Revised structured cybersecurity information exchange techniques Summary Amen

8、dment 2 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recomme

9、ndation. This amendment reflects the situation of recommended techniques as of September 2012, including bibliographical references. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1500 2011-04-20 17 1.1 ITU-T X.1500 (2011) Amd. 1 2012-03-02 17 1.2 ITU-T X.1500 (2011) Amd. 2 2012-09-

10、07 17 ii Rec. ITU-T X.1500 (2011)/Amd.2 (09/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a per

11、manent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establ

12、ishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary stan

13、dards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Rec

14、ommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents

15、 are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed

16、Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not r

17、eceived notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T

18、/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1500 (2011)/Amd.2 (09/2012) 1 Recommendation ITU-T X.1500 Overview of cybersecurity information exchange Amendment 2 Revised structur

19、ed cybersecurity information exchange techniques 1) Replace Appendix I with the appendix below. Appendix I Structured cybersecurity information exchange techniques (This appendix does not form an integral part of this Recommendation.) Table I.1 Techniques in the weakness, vulnerability and state exc

20、hange cluster Technique Description References Common vulnerabilities and exposures (CVE) Common vulnerabilities and exposures is a method for identifying and exchanging information security vulnerabilities and exposures, and provides common identifiers for publicly known problems. The goal of CVE i

21、s to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this “common enumeration“. CVE is designed to allow vulnerability databases and other resources to be linked together, and to facilitate the comparison of security tools and services

22、. As such, CVE does not contain information such as risk, impact, fix information, or detailed technical information. CVE only contains the standard identifier number with status indicator, a brief description, and references to related vulnerability reports and advisories. The intention of CVE is t

23、o be comprehensive with respect to all publicly known vulnerabilities and exposures. While CVE is designed to contain mature information, the primary focus is on identifying vulnerabilities and exposures that are detected by security tools, as well as identifying any new problems that become public,

24、 and then addressing any older security problems that require validation. b-ITU-T X.1520 2 Rec. ITU-T X.1500 (2011)/Amd.2 (09/2012) Table I.1 Techniques in the weakness, vulnerability and state exchange cluster Technique Description References Common vulnerability scoring system (CVSS) The common vu

25、lnerability scoring system process provides for an open framework for communicating the characteristics and impacts of ICT vulnerabilities. CVSS consists of three groups: base, temporal and environmental. Each group produces a numeric score ranging from 0 to 10, and a vector, a compressed textual re

26、presentation that reflects the values used to derive the score. The base group represents the intrinsic qualities of a vulnerability. The temporal group reflects the characteristics of a vulnerability that change over time. The environmental group represents the characteristics of a vulnerability th

27、at are unique to the environment of the user. CVSS enables ICT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting a common language of scoring ICT vulnerabilities. b-ITU-T X.1521 Common weakness enumeration (CWE) Common weakne

28、ss enumeration is a process for identifying and exchanging unified, measurable sets of software weaknesses. CWE enables more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems. It also pr

29、ovides for better understanding and management of software weaknesses related to architecture and design. CWE implementations are compiled and updated by a diverse, international group of experts from business, academia and government agencies, ensuring breadth and depth of content. CWE provides sta

30、ndardized terminology, allows service providers to inform users of specific potential weaknesses and proposed resolutions, and allows software buyers to compare similar products offered by multiple vendors. b-ITU-T X.1524 Common weakness scoring system (CWSS) The common weakness scoring system provi

31、des for an open framework for communicating the characteristics and impacts of software weakness. b-CWSS See Note. Rec. ITU-T X.1500 (2011)/Amd.2 (09/2012) 3 Table I.1 Techniques in the weakness, vulnerability and state exchange cluster Technique Description References Open vulnerability and assessm

32、ent language (OVAL) Open vulnerability and assessment language is an international specification effort to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language use

33、d to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing, analysing the system for the presence of the specified machine

34、 state (vulnerability, configuration, patch state, etc.), and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language. OVAL schemas written in XML have been developed to serve as the framework and vocabulary of the O

35、VAL language. These schemas correspond to the three steps of the assessment process: an OVAL system characteristics schema for representing system information, an OVAL definition schema for expressing a specific machine state, and an OVAL results schema for reporting the results of an assessment. b-

36、OVAL. See Note. Common platform enumeration (CPE) Common platform enumeration (CPE) is a standardized method to identify and describe the software systems and hardware devices present in an enterprises computing asset inventory. CPE provides: a naming specification, including the logical structure o

37、f well-formed CPE names and the procedures for binding and unbinding these names with machine-readable encodings; a matching specification, which defines procedures for comparing CPE names to determine whether they refer to some or all of the same products or platforms; and a dictionary specificatio

38、n, which defines the concept of a dictionary of identifiers and prescribes high-level rules for dictionary curators. b-ITU-T X.1528 b-ITU-T X.1528.1 b-ITU-T X.1528.2 b-ITU-T X.1528.3 b-ITU-T X.1528.4 Common configuration enumeration (CCE) Common configuration enumeration provides unique identifiers

39、to system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. For example, CCE identifiers can be used to associate checks in configuration assessment tools with statements in configuration best-practice docum

40、ents. b-CCE See Note. NOTE ITU is currently considering the creation of an ITU-T Recommendation specifying this technique. 4 Rec. ITU-T X.1500 (2011)/Amd.2 (09/2012) Table I.2 Techniques relevant to the event, incident, and heuristics exchange cluster Technique Description References Common event ex

41、pression (CEE) Common event expression standardizes the way computer events are described, logged, and exchanged. By using CEEs common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better r

42、esults. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. CEE breaks the recording and exchanging of logs into four (4) components: the event taxonomy, log syntax, log transport, and logging recommendations. b-CEE See Note. Incident obj

43、ect description exchange format (IODEF) The incident object description exchange format defines a data representation that provides a standard format for the exchange of commonly exchanged information about computer security incidents. IODEF describes an information model and provides an associated

44、data model specified with XML schema. b-ITU-T X.1541 Extensions to IODEF for reporting Phishing This extends the incident object description exchange format to support the reporting of phishing events. Recommendation ITU-T X.1500 is intended to only describe techniques for commonly understood, assur

45、ed means for cybersecurity entities to exchange cybersecurity information, and does not include the uses of that information. b-IETF RFC 5901 Common attack pattern enumeration and classification (CAPEC) CAPEC is a specification method for the identification, description, and enumeration of attack pa

46、tterns. Attack patterns are a powerful mechanism to capture and communicate the attackers perspective. They are descriptions of common methods for exploiting software. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-

47、depth analysis of specific real-world exploit examples. The objective of CAPEC is to provide a publicly available catalogue of attack patterns along with a comprehensive XML schema and classification taxonomy. b-CAPEC See Note. Malware attribution enumeration and characterization format The malware

48、attribution enumeration and characterization format (MAEC) is a formal language that includes a schema to provide both a syntax for the common vocabulary of enumerated attributes and behaviours, and an interchange format for structured information about these data elements. The enumerations are at d

49、ifferent levels of abstraction: low-level actions, mid-level behaviours and high-level mechanisms. At the lowest level, MAEC describes attributes tied to the basic functionality and low-level operation of malware. At the middle level, MAECs language organizes the aforementioned low-level actions into groups for the purpose of defining mid-level behaviours. At the more conceptual and high level, MAECs vocabulary allows for the construction of mechanisms that abstract clusters of mid-level malware behaviours b

展开阅读全文
相关资源
猜你喜欢
  • EN 6072-2010 en Aerospace series - Metallic materials - Test methods - Constant amplitude fatigue testing《航空航天系列 金属材料 试验方法 横幅疲劳试验》.pdf EN 6072-2010 en Aerospace series - Metallic materials - Test methods - Constant amplitude fatigue testing《航空航天系列 金属材料 试验方法 横幅疲劳试验》.pdf
  • EN 6075-2017 en Aerospace series - Static seal elements O-Ring ethylenepropylene moulded phosphate ester resistant (- 55 to 107 - Inch series《航空航天系列-静态密封O环乙烯基丙烯铸造抗磷酸盐酯(-55℃到107℃)-英.pdf EN 6075-2017 en Aerospace series - Static seal elements O-Ring ethylenepropylene moulded phosphate ester resistant (- 55 to 107 - Inch series《航空航天系列-静态密封O环乙烯基丙烯铸造抗磷酸盐酯(-55℃到107℃)-英.pdf
  • EN 6076-2017 en Aerospace series - Static seal elements O-Ring for straight thread tube fitting boss ethylene-propylene moulded phosphate ester resistant (-55 to 107 - Inch series《.pdf EN 6076-2017 en Aerospace series - Static seal elements O-Ring for straight thread tube fitting boss ethylene-propylene moulded phosphate ester resistant (-55 to 107 - Inch series《.pdf
  • EN 6080-2016 en Aerospace series - Rivet 100 ormal flush head close tolerance - Inch series《航空航天系列-紧公差100异径埋头铆钉-英寸系列》.pdf EN 6080-2016 en Aerospace series - Rivet 100 ormal flush head close tolerance - Inch series《航空航天系列-紧公差100异径埋头铆钉-英寸系列》.pdf
  • EN 6081-2016 en Aerospace series - Rivet universal head close tolerance - Inch series《航空航天系列-铆钉 通用头紧公差-英制系列》.pdf EN 6081-2016 en Aerospace series - Rivet universal head close tolerance - Inch series《航空航天系列-铆钉 通用头紧公差-英制系列》.pdf
  • EN 609-1-1999 1250 Agricultural and forestry machinery - Safety of log splitters - Part 1 Wedge splitters (Incorporates Amendment A2 2009)《农用和林业机械设备 原木分裂机的安全 第1部分 楔形分裂机 包含修改件A2-200.pdf EN 609-1-1999 1250 Agricultural and forestry machinery - Safety of log splitters - Part 1 Wedge splitters (Incorporates Amendment A2 2009)《农用和林业机械设备 原木分裂机的安全 第1部分 楔形分裂机 包含修改件A2-200.pdf
  • EN 609-1-2017 en Agricultural and forestry machinery - Safety of log splitters - Part 1 Wedge splitters《农林机械-劈木机的安全性-第1部分 楔形劈木机》.pdf EN 609-1-2017 en Agricultural and forestry machinery - Safety of log splitters - Part 1 Wedge splitters《农林机械-劈木机的安全性-第1部分 楔形劈木机》.pdf
  • EN 609-2-1999 en Agricultural and forestry machinery - Safety of log splitters - Part 2 Screw splitters (Incorporates Amendment A1 2009)《农用和林业机械设备 原木分裂机的安全 第2部分 螺旋分裂机 包含修改件A1-2009》.pdf EN 609-2-1999 en Agricultural and forestry machinery - Safety of log splitters - Part 2 Screw splitters (Incorporates Amendment A1 2009)《农用和林业机械设备 原木分裂机的安全 第2部分 螺旋分裂机 包含修改件A1-2009》.pdf
  • EN 6090-2016 en Aerospace series - Washer retaining《航空航天系列-垫圈 保留》.pdf EN 6090-2016 en Aerospace series - Washer retaining《航空航天系列-垫圈 保留》.pdf
  • 相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > 其他

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1