Chapter 3 – Using a "Common Language" for Computer Security Incident Information
John Howard
Pascal Meunier, Ph.D.
Chapter Contents:
3.1 Introduction
3.2 Why a "Common Language" is Needed
3.3 Development of the Common Language
3.4 Computer Security Incident Information Taxonomy
3.4.1 Events
3.4.1.1 Actions
3.4.1.2 Targets
3.4.2 Attacks
3.4.2.1 Tool
3.4.2.2 Vulnerability
3.4.2.3 Unauthorized result
3.4.3 Full Incident Information Taxonomy
3.4.3.1 Attackers and their objectives
3.5 Additional Incident Information Terms
3.5.1 Success and Failure
3.5.2 Site and Site Name
3.5.3 Other Incident Terms
3.6 How to Use The Common Language