IETF Logo Mail Archive

Re: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1 - Managing Terminology

Adam Montville <adam.w.montville@gmail.com> Sat, 02 July 2016 14:22 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26D8312D16F for <sacm@ietfa.amsl.com>; Sat, 2 Jul 2016 07:22:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JpZJNYo9-Wgp for <sacm@ietfa.amsl.com>; Sat, 2 Jul 2016 07:22:47 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20C0D12D0A6 for <sacm@ietf.org>; Sat, 2 Jul 2016 07:22:47 -0700 (PDT)
Received: by mail-oi0-x233.google.com with SMTP id f189so145816595oig.3 for <sacm@ietf.org>; Sat, 02 Jul 2016 07:22:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=juiI3gYWHU+PAMxq+gzsH5YGmevMLhFgHHctBOcw+EY=; b=h0vsOyetKgN8CAlvpwyIeH5oGvo4CRQrpxFtriT9NbeN3AVj+W4BUL/4O+ym1zza8Y aUBXJ7Lv2MPT1fDZSL/i4MpRM/mGunq3civVmLXDuvJ2Pda12ULUXfnPD0Fxwc8fltDu UsbR0dkW6cSzBR7FseMXQgOv/Q/lhTuGsqmIGwk/hbh7lgTz8rsFb/o9PsFJztoiYCUT T4on7/R+c5MTC6Rqnbm1hxX4GAA/gKpnzqa5AX1xQsK+bhGqOZW0mPnQLoags5TToz0y hmw0uTNsetr9SUyQslSxitiJ2Q4/T9NQBI81uvhdXI9EViNy0GO5tWCeIsA9poPinaqa 2pJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=juiI3gYWHU+PAMxq+gzsH5YGmevMLhFgHHctBOcw+EY=; b=GILZFbCzTITpXNtH94w4pF7Q8Fmkl8QHhaiy4t2QZyPnz3Ys4OIEYbmcfLipDAK55d hQT6Dkgq8KUwkT31A68KB4u0KmL1C99U6dS0fO5YyhE28O/ZUOVgwKOvMFtu5Ozqc39F zNjvk/FOhFDIa5Ho70NKCUXZuIb+AD69ZoJoSen9uDbNt2jH15wduyC/icy79SNfqO21 96BTDFnXwtXXYpHu7UoO+/BUKFaAMVvy8ohkRyaN/IdkjsfHZAThBLlAKI7He2jHXdSm MsQ615qyS+S0Zl/66ywcwWm0FO4PpcRDXO+qCOCsVlP0II6r/YkGzv7JPaeWuaj3LvfA USSA==
X-Gm-Message-State: ALyK8tLKnkeqAOaW/2aJ0b7OkC+zRarwcPhqZaQrfvEeMUKVgIvpWSHOG/i3Gd/9xXbDyA==
X-Received: by 10.157.39.110 with SMTP id r101mr2083381ota.187.1467469366383; Sat, 02 Jul 2016 07:22:46 -0700 (PDT)
Received: from adams-mbp.attlocal.net (99-64-100-131.lightspeed.austtx.sbcglobal.net. [99.64.100.131]) by smtp.gmail.com with ESMTPSA id w6sm7342692ota.10.2016.07.02.07.22.44 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 02 Jul 2016 07:22:44 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_76DBA557-515B-47F7-A002-C81755CAEE03"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Adam Montville <adam.w.montville@gmail.com>
In-Reply-To: <BY2PR09MB1078AEF51612150472DCB33DA5240@BY2PR09MB1078.namprd09.prod.outlook.com>
Date: Sat, 02 Jul 2016 09:22:41 -0500
Message-Id: <868A1477-60E6-4EAF-BB6D-4910C8E47810@gmail.com>
References: <BY2PR09MB1078B0A7E6D0619AE9691149A5480@BY2PR09MB1078.namprd09.prod.outlook.com> <D894CBB7-B2B2-4A78-A1BD-B8F5CD104B03@gmail.com> <BY2PR09MB10786422A2275AB93A580663A54F0@BY2PR09MB1078.namprd09.prod.outlook.com> <BY2PR09MB107805B9E5DF0CD070296E6DA5460@BY2PR09MB1078.namprd09.prod.outlook.com> <5751D73F.3060000@sit.fraunhofer.de> <BY2PR09MB10785D4627A83F68049416C1A55D0@BY2PR09MB1078.namprd09.prod.outlook.com> <CAA=AuEcHKw0+6Yn3PmhOXxZe816U3cT7unLMXg9D7v1_ZDBn2Q@mail.gmail.com> <BY2PR09MB1078AEF51612150472DCB33DA5240@BY2PR09MB1078.namprd09.prod.outlook.com>
To: "Haynes, Dan" <dhaynes@mitre.org>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/OzkEwKWX0SuCgwPJIYn374ZkJeA>
Cc: Jerome Athias <athiasjerome@gmail.com>, "sacm@ietf.org" <sacm@ietf.org>
Subject: Re: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1 - Managing Terminology
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jul 2016 14:22:49 -0000

No objections from me.

> On Jun 30, 2016, at 3:16 PM, Haynes, Dan <dhaynes@mitre.org> wrote:
> 
> I just wanted to follow on this thread.  Based on the 6/15 virtual interim meeting [1], there seemed to be consensus that we would leave the terms from the Vulnerability Assessment Scenario I-D [2] as well as include them in the Terminology I-D [3].  The reasoning behind this was:
> 
> 1) Terms would be included in the Vulnerability Assessment Scenario I-D for improved-readability (don't need to keep looking at Terminology I-D to know what the terms mean)
> 2) Terms would be included in the Terminology I-D to capture the WG's thinking at a specific point in time as well as enable the use of the terms in other I-Ds where appropriate
> 
> Does this approach reasonable to others?  Are there any major objections?  Please let me know by next Wednesday July 6th.
> 
> Thanks,
> 
> Danny
> 
> [1] https://www.ietf.org/proceedings/interim-2016-sacm-04/minutes/minutes-interim-2016-sacm-4
> [2] https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/
> [3] https://datatracker.ietf.org/doc/draft-ietf-sacm-terminology/
> 
>> -----Original Message-----
>> From: Jerome Athias [mailto:athiasjerome@gmail.com]
>> Sent: Monday, June 13, 2016 1:45 AM
>> To: Haynes, Dan <dhaynes@mitre.org>
>> Cc: sacm@ietf.org
>> Subject: Re: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1
>> - Managing Terminology
>> 
>> Hi,
>> 
>> 7) "Workflow or process engine" would, IMHO, be ITIL compliant
>> 
>> 
>> "More likely they would be using the Critical Security Controls framework."
>> Right, I understand this statement in a maturity level context, etc.
>> (I appreciate a lot the CSC, and its usage in SACM) I'm just thinking about
>> providing metrics from SACM (to be aligned with strategic levels) But I don't
>> want to add 'complexity'
>> 
>> Regards
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

v2.23.0 | Report a Bug | By Email