Open gabrielcurrie opened 3 years ago
Note: There is currently a discussion about the term "incident" in the WG.
These elements are mainly required for LEA, as far as I know.
Hi,
I believe a lot of these mentioned categories come from the older predecessor - the eCSIRT taxonomy.
RSIT took the eCSIRT taxonomy as a basis since it was the most commonly used taxonomy to describe incident reports / incidents amongst European CERTs.
So that’s why you might see some values as you mentioned.
Which is no issue actually IMHO as long as a taxonomy stays consistent. No one forces anyone to use all values the taxonomy offers.
Best, Aaron.
On 30.12.2020, at 16:52, jhemp notifications@github.com wrote:
Note: There is currently a discussion about the term "incident" in the WG.
These elements are mainly required for LEA.
Collect definitions and discuss in upcoming meeting: https://csrc.nist.gov/glossary/term/incident
The RSIT is described as a reference taxonomy for "security incidents" - is this term currently formally defined in the RSIT, and if not, should it be?
For example, I note that the current version of RSIT includes things that might be thought of as physical security issues (e.g., "Burglary" or "Sabotage") and safety or business continuity issues (e.g., "Outage"). Does the RSIT therefore cover these as well as cyber security incidents, and is this worth explicitly stating (via a definition)?
As a starter, NIST has a range of definitions, as does the UK's NCSC. ENISA has a glossary but this doesn't include anything to do with incidents.