Xorcism overview concepts_20140309

eXpandable Open Research for Cyber Information Security Management
Cybersecurity Data Model

XORCISM Overview and Concepts

XORCISM
eXpandable Open Research for Cyber Information Security Management

XORCISM Data Model
Overview and Concepts
Version 1.0.0 Beta
DRAFT

Document History
Classified: Public
Status: RC Draft

Date | Author | Description
December 30, 2013 | Jerome Athias | First draft (1.0.0 Beta)
January 4, 2014 | Jerome Athias | Public pre-release for peer review
January 5, 2014 | Jerome Athias | Minor updates, file size reduced
March 9, 2014 | Jerome Athias | Updated release

Reference: http://www.frhack.org/research/xorcism.php

Please consider the environment before printing.

The MITRE Corporation. MITRE, the MITRE logo, CVE, the CVE logo, OVAL, and the OVAL logo are registered trademarks and the Making Security Measurable logo, CWE, the CWE logo, CAPEC, the CAPEC logo, CEE, the CEE logo, MAEC, the MAEC logo, CWSS, the CWSS logo, CWRAF, the CWRAF logo, CybOX, the CybOX logo, STIX, the STIX logo, TAXII, the TAXII logo, and Recommendation Tracker are trademarks of The MITRE Corporation.
All other marks, trademarks or brands are the property of their respective owners.

XORCISM – eXpandable Open Research for Cyber Information Security Management
Copyright © 2014 Jerome Athias. This work is licensed under a Creative Commons Attribution 4.0 International License.
Page 1 of 179
Table of contents

eXpandable Open Research for Cyber Information Security Management .... 1
Table of contents .... 2
Abstract, Introduction and Requirements .... 20
XORCISM Database Model .... 21
Introduction .... 21
Objectives .... 21
Abstraction .... 21
Mappings .... 22
Internationalization .... 24
Use Cases .... 30
Benefits .... 33
XORCISM Core Entities .... 37
XORCISM Normalized/Standardized Entities/Objects .... 47
XORCISM Vulnerability Data Model .... 48
XORCISM Key Entities/Objects/Concepts/Properties .... 49
XORCISM Internal Entities/Objects/Concepts/Properties .... 51
XORCISM Other Entities/Objects/Concepts/Properties .... 56
Specifications/Standards/Frameworks/Methodologies/Guidelines/Models/Languages/Formats .... 85
ANSI/API Standard 780 methodology .... 85
ANSI/TIA/EIA-94: The Telecommunications Infrastructure Standard for Data Centers .... 85
Architectural Model .... 85
Asset Identification (AI) .... 85
Asset Reporting Format (ARF) .... 86
Asset Summary Reporting (ASR) .... 86
AWS Security Best Practices .... 86
BPC-RMS .... 87
BSIMM (Building Security In Maturity Model) .... 87
Build Security In (BSI) .... 87
Business Process Framework (eTOM) .... 87
CAESARS (Continuous Asset Evaluation, Situational Awareness, and Risk Scoring) architectural reference .... 89
CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Model .... 89
CAP: Common Alerting Protocol .... 90
CAPEC: Common Attack Pattern Enumeration and Classification .... 90
CCE (Common Configuration Enumeration) .... 90
CCS (Council on CyberSecurity) .... 90
CDXI .... 91
CEE (Common Event Expression) .... 91
CERT Resilience Management Model (CERT-RMM) .... 92
Collective Intelligence Framework (CIF) .... 92
CIS Benchmarks .... 92
CloudAudit .... 92
Cloud Controls Matrix (CCM) .... 92
Cloud Trust Protocol (CTP) .... 92
CMMI .... 92
COBIT .... 92
Common Configuration Scoring System (CCSS) .... 93
Common Remediation Enumeration (CRE) .... 93
Consensus Assessments Initiative (CAI) Questionnaire .... 93
COSO (Committee of Sponsoring Organizations) .... 93
CPE (Common Platform Enumeration) .... 93
CVE (Common Vulnerabilities and Exposures) .... 93
CVRF (Common Vulnerability Reporting Framework) .... 94
CVSS (Common Vulnerability Scoring System) .... 95
CWE (Common Weaknesses and Exposures) .... 96
CWRAF: Common Weakness Risk Analysis Framework .... 97
CWSS: Common Weakness Scoring System .... 97
Cybersecurity Framework .... 97
CybOX (Cyber Observable eXpression) .... 97
Dependency Modeling (O-DM) .... 97
Distributed Audit Service (XDAS) .... 97
DoD Information Assurance Risk Management Framework (DIARMF) .... 97
DPE (Default Password Enumeration) .... 97
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) .... 98
Factor Analysis of Information Risk (FAIR) .... 98
FrameworkX .... 98
Gramm-Leach-Bliley Act (GLBA) .... 98
GRC Stack (Governance, Risk Management and Compliance) .... 98
Guidelines for Small Data Centers and Dedicated Computer Rooms, Q-CERT .... 98
ICS Security Standard (Qatar) .... 98
IEC/FDIS 31010 Risk management – Risk assessment techniques .... 99
IFX Forum Framework .... 99
Information Risk Analysis Methodology (IRAM) .... 99
Intermediary Vulnerability Information Language (IVIL) .... 99
Internet Users' Glossary (RFC1392) .... 99
Intrusion Detection Message Exchange Format (IDMEF) .... 99
IODEF (Incident Object Description Exchange Format) .... 99
iPost Scoring Methodology .... 99
ISA 99.02.01 .... 99
ISAE 3402 .... 100
ISO 3166 (Country Codes) .... 100
ISO 27000/ISO 27001 Information Security Risk Management System .... 100
ISO/IEC Information technology – Security techniques .... 100
ISO/IEC 15504 .... 101
ISO/IEC 19770 .... 102
ISO 31000 Enterprise Management .... 102
ISO/FDIS 31000:2009 – Risk Management – Principles and Guidelines .... 102
ISO/IEC 27001 .... 103
Key Management Interoperability Protocol (KMIP) TC .... 105
LINDDUN .... 105
MAEC (Malware Attribute Enumeration and Characterization) .... 105
Malware Metadata Exchange Format (MMDEF) .... 105
NERC CIP (North American Electric Reliability Corporation, Critical Infrastructure Protection) .... 106
Network Defense Data Models (NDDM) .... 106
NISTIR 7849 .... 106
NIST Risk Management Framework (RMF) .... 106
NIST SP 500-291 .... 106
NIST SP 800-34 .... 106
NIST SP 800-37 .... 106
NIST SP 800-39 .... 106
NIST SP 800-53 Rev. 4 .... 106
NIST SP 800-64 (SDLC) .... 107
NRF: U.S. National Response Framework .... 109
OAuth (Open standard for Authorization), OAuth Framework .... 109
OASIS AVDL: Application Vulnerability Description Language .... 110
OASIS Customer Information Quality Committee (CIQ) .... 110
OASIS KMIP: Key Management Interoperability Protocol Specification .... 110
OASIS SAML: Security Assertion Markup Language .... 110
OASIS UDDI: Universal Description, Discovery and Integration .... 110
OASIS Web Services (WS-*) Security .... 110
OASIS XACML: eXtensible Access Control Markup Language .... 110
OASIS xCIL: extensible Customer Information Language .... 110
OASIS xCRL: extensible Customer Relationships Language .... 110
OASIS xNAL: extensible Name and Address Language .... 110
OASIS xNL .... 110
OCIL (Open Checklist Interactive Language) .... 110
OCSFP Open Cybersecurity Framework Project .... 110
OCTAVE .... 110
ODRL: Open Digital Rights Language .... 111
Open Automated Compliance Expert Markup Language (O-ACEML) .... 111
Open Checklist Interactive Language (OCIL) .... 111
OpenID .... 111
Open Information Security Management Maturity Model (O-ISM3) .... 111
OpenIOC .... 111
OpenSAMM (Software Assurance Maturity Model) .... 111
Open Source Security Testing Methodology Manual (OSSTMM) .... 111
Open Threat Exchange (OTX) .... 111
Open Trusted Technology Provider Standard (O-TTPS) .... 111
OVAL (Open Vulnerability and Assessment Language) .... 111
OWASP .... 112
OWASP ASVS (Application Security Verification Standard Project) .... 112
OWASP Testing Guide .... 113
PCI DSS: Payment Card Industry Data Security Standard .... 114
Penetration Testing Execution Standard (PTES) .... 114
Predictive Model Markup Language (PMML) .... 114
RID: Real-time Inter-network Defense protocol .... 114
RIPE(Framework(............................................................................................................................................................................................................(114( Risk(Taxonomy((OYRT)(.................................................................................................................................................................................................(114( SABSA:(Sherwood(Applied(Business(Security(Architecture(..........................................................................................................................(114( SCAMPI:(Standard(CMMI(Appraisal(Method(for(Process(Improvement(.................................................................................................(115( SCAP((Security(Content(Automation(Protocol)(.................................................................................................................................................(115( Security(Description(and(Exchange(Format((SecDEF)(..................................................................................................................................(115( SES(Y(Security(Event(System(.......................................................................................................................................................................................(116( Situational(Awareness(Reference(Architecture((SARA)(................................................................................................................................(116( Software(Assurance((SwA)(Competency(Model(................................................................................................................................................(116( . 
Software(Defined(Perimeter((SDP)(.........................................................................................................................................................................(117( SPDX:(Software(Package(Data(Exchange®(........................................................................................................................................................(117( SSAE(16(...............................................................................................................................................................................................................................(117( STAR((Security,(Trust(&(Assurance(Registry)(....................................................................................................................................................(117( XORCISM(–(eXpandable(Open(Research(for(Cyber(Information(Security(Management( Copyright(©(2014(Jerome(Athias,(This(work(is(licensed(under(a(Creative(Commons(Attribution(4.0(International(License.( ( Page 4 of 179(
  5. 5. XORCISM(Overview(and(Concepts( STIGs:(Defense(Information(Systems(Agency(Security(Technical(Implementation(Guides(............................................................(117( STIX((Structured(Threat(Information(eXpression)(..........................................................................................................................................(118( Strategies(to(Mitigate(Targeted(Cyber(Intrusions(...........................................................................................................................................(119( STRIDE(Threat(Model(...................................................................................................................................................................................................(119( SQUARE((Security(Quality(Requirements(Engineering)(................................................................................................................................(119( SWID(Tags(.........................................................................................................................................................................................................................(120( TARA:(Threat(Agent(Risk(Assessment(....................................................................................................................................................................(120( TAXII((Trusted(Automated(eXchange(of(Indicator(Information)(..............................................................................................................(120( TOGAF(.................................................................................................................................................................................................................................(120( 
Traffic(Light(Protocol((TLP)(Matrix(.......................................................................................................................................................................(120( Trust(Model(for(Security(Automation(Data((TMSAD)(....................................................................................................................................(121( Val(IT(Framework(..........................................................................................................................................................................................................(121( VERIS:(Vocabulary(for(Event(Recording(and(Incident(Sharing(.................................................................................................................(121( . Web(Application(Security(Evaluation(Criteria(..................................................................................................................................................(121( Web(Application(Firewall((WAF)(Evaluation(Criteria(...................................................................................................................................(122( XCCDF:(Extensible(Configuration(Checklist(Description(Format(..............................................................................................................(122( XEPY0268:(Incident(Handling(...................................................................................................................................................................................(122( XML(Encryption(..............................................................................................................................................................................................................(122( . 
Zachman(Framework(...................................................................................................................................................................................................(122( XORCISM(Tools(..............................................................................................................................................................................................................(123( XORCISM(Database(conversion(script(...................................................................................................................................................................(123( XORCISM(DLL(...................................................................................................................................................................................................................(123( XORCISM(Import_capec(...............................................................................................................................................................................................(123( XORCISM(Import_cpe(....................................................................................................................................................................................................(123( XORCISM(Import_cve(....................................................................................................................................................................................................(123( XORCISM(Import_cwe(...................................................................................................................................................................................................(123( Other(Security(Tools(...................................................................................................................................................................................................(124( 
Tools(Repositories(..........................................................................................................................................................................................................(124( AbuseHelper(.....................................................................................................................................................................................................................(124( . Apache(Lucene(.................................................................................................................................................................................................................(124( Appcmd.exe(.......................................................................................................................................................................................................................(124( AppLocker(..........................................................................................................................................................................................................................(124( Aqueduct(............................................................................................................................................................................................................................(124( BitLocker(............................................................................................................................................................................................................................(125( BitMail(.................................................................................................................................................................................................................................(125( 
Bitmessage(........................................................................................................................................................................................................................(125( BroYIDS(...............................................................................................................................................................................................................................(125( . capirca(................................................................................................................................................................................................................................(125( CAT.NET(.............................................................................................................................................................................................................................(125( CIF2STIX(.............................................................................................................................................................................................................................(125( CISYCAT(...............................................................................................................................................................................................................................(125( CRAMS(.................................................................................................................................................................................................................................(125( Cuckoo(Sandbox(..............................................................................................................................................................................................................(126( 
dnshjmon(...........................................................................................................................................................................................................................(126( . EMET((Enhanced(Mitigation(Experience(Toolkit)(...........................................................................................................................................(126( ESAPI((OWASP(Enterprise(Security(API)(.............................................................................................................................................................(126( File(Vault(............................................................................................................................................................................................................................(126( Forensic(Toolkit((FTK)(.................................................................................................................................................................................................(126( GnuPG((GPG)(/(PGP(.......................................................................................................................................................................................................(126( grr(.........................................................................................................................................................................................................................................(126( hadoopYpcap(.....................................................................................................................................................................................................................(126( XORCISM(–(eXpandable(Open(Research(for(Cyber(Information(Security(Management( Copyright(©(2014(Jerome(Athias,(This(work(is(licensed(under(a(Creative(Commons(Attribution(4.0(International(License.( ( Page 5 of 179(
  6. 6. XORCISM(Overview(and(Concepts( IOCExtractor(....................................................................................................................................................................................................................(126( . Lumify(.................................................................................................................................................................................................................................(126( . Malware(Hash(Registry(...............................................................................................................................................................................................(127( MANTIS(...............................................................................................................................................................................................................................(127( Microsoft(System(Center(Configuration(Manager((SCCM)(...........................................................................................................................(127( MIDAS(..................................................................................................................................................................................................................................(127( MISP(.....................................................................................................................................................................................................................................(127( Minion(.................................................................................................................................................................................................................................(127( 
Moloch(.................................................................................................................................................................................................................................(127( Moon(Secure(Antivirus(.................................................................................................................................................................................................(127( Nfsight(.................................................................................................................................................................................................................................(127( Nmap(...................................................................................................................................................................................................................................(127( OCIL(Interpreter(.............................................................................................................................................................................................................(128( OpenDNS((DNSCrypt)(...................................................................................................................................................................................................(128( OpenSCAP(..........................................................................................................................................................................................................................(128( OpenVAS((Open(Vulnerability(Assessment(System)(........................................................................................................................................(128( . 
OpenVPN(............................................................................................................................................................................................................................(128( OSSEC(..................................................................................................................................................................................................................................(128( . OSSIM(..................................................................................................................................................................................................................................(128( OTR((OffYtheYRecord(Messaging)(............................................................................................................................................................................(128( OVAL(Interpreter((ovaldi)(..........................................................................................................................................................................................(128( OWASP(Projects(and(Guides(......................................................................................................................................................................................(128( pfSense(................................................................................................................................................................................................................................(128( Rekall(...................................................................................................................................................................................................................................(129( 
Request(Tracker((RT)(...................................................................................................................................................................................................(129( RIPS(......................................................................................................................................................................................................................................(129( RTIR((RT(for(Incident(Response)(.............................................................................................................................................................................(129( scapYsecurityYguide(.......................................................................................................................................................................................................(129( Scapy(....................................................................................................................................................................................................................................(129( Secpod(Saner(....................................................................................................................................................................................................................(129( Secunia(PSI(........................................................................................................................................................................................................................(129( Security(Onion((SO)(.......................................................................................................................................................................................................(129( 
Sguil(.....................................................................................................................................................................................................................................(129( . Shodan(................................................................................................................................................................................................................................(129( Silent(Phone(/(Silent(Text(...........................................................................................................................................................................................(129( Snorby(.................................................................................................................................................................................................................................(130( Snort(....................................................................................................................................................................................................................................(130( . 
Splunk(..................................................................................................................................................................................................................................(130( Spybot(2(Search(&(Destroy(.........................................................................................................................................................................................(130( SQLCipher(..........................................................................................................................................................................................................................(130( Squert(..................................................................................................................................................................................................................................(130( SRDF(Security(Research(and(Development(Framework(...............................................................................................................................(130( . 
sshuttle(................................................................................................................................................................................................................................(130( Suricata(..............................................................................................................................................................................................................................(130( ThreadFix(...........................................................................................................................................................................................................................(130( ThreatModeler(.................................................................................................................................................................................................................(130( Tor(........................................................................................................................................................................................................................................(130( . 
TrueCrypt(...........................................................................................................................................................................................................................(130( VirusTotal(..........................................................................................................................................................................................................................(131( Volatility(.............................................................................................................................................................................................................................(131( Whitetrash(........................................................................................................................................................................................................................(131( XORCISM(–(eXpandable(Open(Research(for(Cyber(Information(Security(Management( Copyright(©(2014(Jerome(Athias,(This(work(is(licensed(under(a(Creative(Commons(Attribution(4.0(International(License.( ( Page 6 of 179(
Wireshark ..... 131
WP-CLI ..... 131
XCCDF Interpreter ..... 131
xdpdf ..... 131
YARA ..... 131
YETI ..... 131
Acronyms/Terms/Definitions/Abbreviations/Symbols ..... 133
A&I database: Abstracting and Indexing database ..... 133
ABAC: Attribute Based Access Control ..... 133
ACL: Access Control List ..... 133
ADFS: Active Directory Federation Services ..... 133
AES: Advanced Encryption Standard ..... 133
AET: Advanced Evasion Techniques ..... 133
AI: Artificial Intelligence ..... 133
AI: Asset Identification [5] ..... 133
AIC: Asset Identification and Classification ..... 133
AKE: Authenticated Key Exchange ..... 133
ALE: Annual Loss Expectancy ..... 133
AM: Asset Management ..... 133
ANSI: American National Standards Institute ..... 133
ANSSI: Agence Nationale de la Sécurité des Systèmes d’Information (France) ..... 133
APO: Align, Plan and Organize ..... 133
AppSec: Application Security ..... 134
APT: Advanced Persistent Threat ..... 134
ARF: Asset Reporting Format [6] ..... 134
ASC: Application Security Control ..... 134
ASN: Autonomous System Numbers ..... 134
ASP: Application Service Provider ..... 134
ASVS: Application Security Verification Standard Project ..... 134
BAF: bandwidth amplification factor ..... 134
BCP: Business Continuity Program ..... 134
BIA: Business Impact Analysis ..... 134
Bloom filter ..... 134
BOPS: Buffer Overflow Prevention Systems ..... 134
BSI: British Standards Institute ..... 134
BSIMM: Building Security In Maturity Model ..... 134
BYOD: Bring Your Own Device ..... 134
C&A: Certification and Accreditation ..... 134
C2: Command and Control ..... 134
CA: Certification Authority ..... 134
CADF: Cloud Auditing Data Federation Working Group ..... 134
CAESARS: Continuous Asset Evaluation, Situational Awareness, and Risk Scoring architectural reference ..... 134
CAI: Consensus Assessments Initiative ..... 134
CAP: Common Alerting Protocol ..... 135
CC: Common Criteria ..... 135
CCA: Controller of Certifying Authorities ..... 135
CDIF: CASE Data Interchange Format ..... 135
CERT: Cyber Emergency Response Team ..... 135
CIA: Confidentiality, Integrity, Availability or Authenticity ..... 135
CIS: Center for Internet Security ..... 135
CNIL: Commission Nationale de l’Informatique et des Libertés (France) ..... 135

XORCISM – eXpandable Open Research for Cyber Information Security Management. Copyright © 2014 Jerome Athias. This work is licensed under a Creative Commons Attribution 4.0 International License.
COTS: Commercial-off-the-shelf ..... 135
CS&C: U.S. Office of Cybersecurity and Communications ..... 135
CSA: Cloud Security Alliance ..... 135
CC: Common Criteria ..... 135
CCM: Cloud Controls Matrix ..... 135
CCS: Council on CyberSecurity ..... 135
CCSA: Collaborative Cyber Situational Awareness ..... 135
CCV: Cybersecurity Compliance Validations ..... 135
CDM: Continuous Diagnostics and Mitigation program ..... 135
CEE: Common Event Expression ..... 135
CERT: Computer Emergency Response Team ..... 135
CIA: Confidentiality, Integrity, Availability ..... 135
CIF: Collective Intelligence Framework ..... 135
CIQ: Customer Information Quality Committee ..... 136
CIS: Center for Internet Security ..... 136
CLASP: Comprehensive, Lightweight Application Security Process ..... 136
CM: Configuration Management ..... 136
CMM: Capability Maturity Model ..... 136
CMMI: Capability Maturity Model Integration ..... 136
CMRS: Continuous Monitoring and Risk Scoring ..... 136
CMU: Carnegie Mellon University ..... 136
CNCI: U.S. Comprehensive National Cybersecurity Initiative ..... 136
CNE: Computer Network Espionage ..... 136
COA: Course of Action ..... 136
COBIT: Control Objectives for Information and Related Technology ..... 136
COL: Course of Law ..... 136
CONOPS: Concept of Operations ..... 136
COOP: Continuity of Operations ..... 136
COP: Common Operating Picture ..... 136
COTS: Commercial Off-The-Shelf ..... 136
CPE: Common Platform Enumeration ..... 136
CPNI: United Kingdom's Centre for the Protection of National Infrastructure ..... 136
CRL: Certificate Revocation List ..... 136
CRUD XF: Create, Read, Update, Delete, eXecute, conFigure ..... 136
CSA: Cloud Security Alliance ..... 136
CSIC: Computer Security Incident Coordination ..... 136
CSIRT: Computer Security Incident Response Team ..... 137
CSP: Cyber Security & Privacy EU Forum ..... 137
CSRC: Computer Security Resource Center ..... 137
C-TIP: Cyber Threat Intelligence Program ..... 137
CTP: Cloud Trust Protocol ..... 137
CVE: Common Vulnerabilities and Exposures ..... 137
CVRF: Common Vulnerability Reporting Format ..... 137
CVSS: Common Vulnerability Scoring System (CVSS-SIG) ..... 137
CWE: Common Weakness Enumeration ..... 137
CWRAF: Common Weakness Risk Analysis Framework ..... 137
CWSS: Common Weakness Scoring System ..... 137
CybOX: Cyber Observable eXpression ..... 137
DISA: U.S. Defense Information Systems Agency ..... 138
DLP: Data Loss Prevention ..... 138
DMG: Data Mining Group ..... 138
DMZ: Demilitarized zone ..... 138
dnsSinkhole ..... 138
DNS Amplification ..... 138
DoD: U.S. Department of Defense ..... 138
DR: Disaster Recovery ..... 138
DRDoS: Distributed Reflective Denial of Service ..... 138
DREAD: Damage potential, Reproducibility, Exploitability, Affected users, Discoverability ..... 138
DRM: Digital Rights Management ..... 138
DSS: Defense Security Service (U.S. Department of Defense) ..... 138
ECPA: Electronic Communications Privacy Act ..... 138
EDI: Electronic Data Interchange ..... 138
EDM: Evaluate, Direct and Monitor ..... 138
EDNS: Extended DNS response ..... 138
EIN: Employer Identification Number ..... 138
ENISA: European Union Agency for Network and Information Security ..... 138
ERM: Enterprise Risk Management ..... 138
ESAPI: OWASP Enterprise Security API ..... 138
EWA: Electronic Warfare Association, Australia ..... 138
FAIR: Factor Analysis of Information Risk ..... 139
FHM: Flaw Hypothesis Methodology ..... 139
FICAM: Federal Identity, Credential, and Access Management ..... 139
FIDO: Fast Identity Online ..... 139
FINE: Format for Incident Information Exchange ..... 139
FIP: Fair Information Practices ..... 139
FIPS: U.S. Federal Information Processing Standards ..... 139
FISM: Federal Information Security Memorandum ..... 139
FISMA: Federal Information Security Management Act ..... 139
FRAP: Facilitated Risk Analysis Process ..... 139
GEIT: Governance and management of Enterprise IT ..... 139
GHDB: Google Hacking Database ..... 140
Google Dork ..... 140
GPO: Microsoft Group Policy ..... 140
GRC Stack: Governance, Risk Management and Compliance ..... 140
HIPAA: Health Insurance Portability and Accountability Act ..... 140
HIPS: Host Intrusion Prevention Systems ..... 140
HMI: Human-Machine Interface ..... 140
HOST: Homeland Open Security Technology ..... 140
hpfeeds: Honeynet Project generic authenticated datafeed protocol ..... 140
HR: Human Resources ..... 140
HSM: Hardware Security Module ..... 140
IaaS: Infrastructure as a Service ..... 140
IAM: Identity and Access Management ..... 140
IATF: Information Assurance Technical Framework ..... 140
IC: Integrated Circuit ..... 140
ICS: Industrial Control System ..... 140
ICS-ISAC: Industrial Control System Information Sharing and Analysis Center ..... 140
ICT: Information and Communications Technology ..... 140
IDS: Intrusion Detection System ..... 140
IEEE: Institute of Electrical and Electronics Engineers ..... 140
IETF: Internet Engineering Task Force ..... 140
IM: Instant Message ..... 141
IOC: Indicator of Compromise ..... 141
IP: Internet Protocol ..... 141
IPR: Intellectual Property Rights ..... 141
IPS: Intrusion Prevention System ..... 141
IR: Incident Response ..... 141
IRM: Information Risk Management ..... 141
ISA: International Society of Automation ..... 141
ISACA: Information Systems Audit and Control Association ..... 141
ITSM: IT Service Management ..... 142
ITU: International Telecommunication Union ..... 142
Jammer ..... 142
JSON: JavaScript Object Notation ..... 142
KISS: Keep it Simple, Stupid ..... 142
KNOX: Samsung KNOX ..... 142
KPA: Key Process Area ..... 142
KRI: Key Risk Indicator ..... 142
LPE: Local Privilege Escalation ..... 142
MAEC: Malware Attribute Enumeration and Characterization ..... 142
MACCSA: Multinational Alliance for Collaborative Cyber Situational Awareness ..... 142
MAL: Malware Analysis Lexicon ..... 142
MAPP: Microsoft Active Protections Program ..... 142
MARS: Microsoft Active Response for Security ..... 142
MCC: Motor Control Center ..... 142
Megatron ..... 142
MFA: Multi Factor Authentication ..... 142
MIL: Maturity Indicator Level ..... 142
MISP: Malware Information Sharing Platform ..... 142
MSRC:(Microsoft(Security(Response(Center(........................................................................................................................................................(142( MSSP:(Managed(Security(Service(Providers(.......................................................................................................................................................(142( MTPIS:(Managed(Trusted(Internet(Protocol(Services(....................................................................................................................................(143( NAC:(Network(Access(Control(...................................................................................................................................................................................(143( NAICS:(North(American(Industry(Classification(System(...............................................................................................................................(143( NAS:(Network(Attached(Storage(.............................................................................................................................................................................(143( NATO:(North(Atlantic(Treaty(Organization(.......................................................................................................................................................(143( NBA:(Network(Behavior(Analysis(............................................................................................................................................................................(143( NCCIC:(U.S.(National(Cybersecurity(and(Communications(Integration(Center(...................................................................................(143( NCCoE:(U.S.(National(Cybersecurity(Center(of(Excellence(............................................................................................................................(143( 
NCP:(U.S.(National(Checklist(Program(repository(............................................................................................................................................(143( NDA:(NonYDisclosure(Agreement(............................................................................................................................................................................(143( NESCOR:(National(Electric(Sector(Cybersecurity(Organization(Resource(............................................................................................(143( NISPOM:(National(Industrial(Security(Program(Operating(Manual(.......................................................................................................(143( NIST:(U.S.(National(Institute(of(Standards(and(Technology(........................................................................................................................(143( NMS:(Network(Management(System(.....................................................................................................................................................................(143( NRF:(U.S.(National(Response(Framework(............................................................................................................................................................(143( NSMS:(Network(Security(Management(System(.................................................................................................................................................(143( NTP:(Network(Time(Protocol(....................................................................................................................................................................................(143( NVD:(U.S.(National(Vulnerability(Database(........................................................................................................................................................(143( 
OASIS:(Organization(for(the(Advancement(of(Structured(Information(Standards(...........................................................................(143( OAuth:(Open(standard(for(Authorization(............................................................................................................................................................(143( OCSFP(Open(Cybersecurity(Framework(Project(...............................................................................................................................................(144( OCTAVE:(Operationally(Critical(Threat,(Asset,(and(Vulnerability(Evaluation(....................................................................................(144( XORCISM(–(eXpandable(Open(Research(for(Cyber(Information(Security(Management( Copyright(©(2014(Jerome(Athias,(This(work(is(licensed(under(a(Creative(Commons(Attribution(4.0(International(License.( ( Page 10 of 179(
