
MILE side meeting, IETF81 in Quebec, Monday night July 25th

2011-07-25 16:10:09
Greetings,

For those interested in the MILE side meeting, it will take place right after 
the plenary, 19:30, in room 301A.

Best regards,

Brian

Begin forwarded message:

From: <kathleen(_dot_)moriarty(_at_)emc(_dot_)com>
Date: July 25, 2011 12:03:01 PM EDT
To: <trammell(_at_)tik(_dot_)ee(_dot_)ethz(_dot_)ch>, 
<ietf(_at_)ietf(_dot_)org>, <saag(_at_)ietf(_dot_)org>, 
<mile(_at_)ietf(_dot_)org>
Subject: RE: [mile] MILE side meeting, IETF81 in Quebec, Monday night July 
25th

Hello,

Tonight's side meeting for MILE will be held in Room 301A, starting right 
after the plenary at 19:30 EST.  We plan to use the following bridge number 
for those who could not be here in person:

Dial-in: 857.207.4204,   1, 60363236#

Thank you,
Kathleen & Brian


________________________________________

Managed Incident Lightweight Exchange (mile)
--------------------------------------------

Proposed Working Group Charter

Chairs:
 Kathleen Moriarty <kathleen(_dot_)moriarty(_at_)emc(_dot_)com>
 Brian Trammell <trammell(_at_)tik(_dot_)ee(_dot_)ethz(_dot_)ch>

Security Area Directors:
 Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
 Sean Turner <turners(_at_)ieca(_dot_)com>

Security Area Advisor:
 Sean Turner <turners(_at_)ieca(_dot_)com>

Mailing Lists:
 General Discussion: mile(_at_)ietf(_dot_)org
 To Subscribe:       http://www.ietf.org/mailman/listinfo/mile
 Archive:            http://www.ietf.org/mail-archive/web/mile

Description:

The Managed Incident Lightweight Exchange (MILE) pre-working group will 
develop standards and extensions for the purpose of improving incident 
information sharing and handling capabilities based on the work developed in 
the IETF Extended INCident Handling (INCH) working group.  The Incident 
Object Description Exchange Format (IODEF) in RFC5070 and Real-time 
Inter-network Defense (RID) in RFC6045 were developed in the INCH working 
group by international Computer Security Incident Response Teams (CSIRTs) and 
industry to meet the needs of a global community interested in sharing, 
handling, and exchanging incident information.  The extensions and guidance 
created by the MILE working group assist with the daily operations of CSIRTs 
at an organization, service provider, law enforcement, and at the country 
level.  The application of IODEF and RID to interdomain incident information 
cooperative exchange and sharing has recently expanded and the need for 
extensions has become more important. Efforts continue to deploy IODEF and 
RID, as well as to extend them 
to support specific use cases covering reporting and mitigation of current 
threats such as anti-phishing extensions.

An incident could be a benign configuration issue, IT incident, an infraction 
to a service level agreement (SLA), a system compromise, socially engineered 
phishing attack, or a denial-of-service (DoS) attack, etc.  When an incident 
is detected, the response may include simply filing a report, notification to 
the source of the incident, a request to a third party for 
resolution/mitigation, or a request to locate the source.  IODEF defines a 
data representation that provides a standard format for sharing information 
commonly exchanged about computer security incidents.  RID enables the secure 
exchange of incident related information in an IODEF format providing options 
for security, privacy, and policy setting.

MILE leverages collaboration and sharing experiences with the work developed 
in the INCH working group which includes the data model detailed in the 
IODEF, existing extensions to the IODEF for Anti-phishing (RFC5901), and RID 
(RFC6045, RFC6046) for the secure exchange of information.  MILE will also 
leverage the experience gained in using IODEF and RID in operational 
contexts. Related work, drafted outside of INCH will also be reviewed and 
includes RFC5941, Sharing Transaction Fraud Data.

The MILE working group provides coordination for these various extension 
efforts to improve the capabilities for exchanging incident information.  
MILE has several objectives with the first being a description of a subset of 
IODEF focused on ease of deployment and applicability to current information 
security data sharing use cases.  MILE also describes a generalization of RID 
for secure exchange of other security-relevant XML formats.  MILE produces 
additional guidance needed for the successful exchange of incident 
information for new use cases according to policy, security, and privacy 
requirements.  Finally, MILE produces a document template with guidance for 
defining IODEF extensions to be followed when producing extensions to IODEF 
as appropriate, for:

* labeling incident reports with data protection, data retention, and other 
policies, regulations, and laws restricting the handling of those reports
* reporting on mail service abuse incidents
* reporting forensic data generated during incident investigation
* reporting indicators of compromise in incident reports
* reporting on financial fraud incidents
* reporting incidents involving virtualized environments
* referencing SCAP enumerations from within incident reports
* profiling and reporting on characteristics of malware suspected or 
confirmed to be involved in an incident
* profiling and reporting on characteristics of actors (persons or groups) 
suspected or confirmed to be involved in an incident
* reporting on misuse incidents

_______________________________________________
mile mailing list
mile(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/mile
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
