mirror of
https://github.com/adulau/foo.be.git
synced 2024-12-25 18:06:00 +00:00
new: [blog] Improving Cybersecurity Impact Taxonomies
This commit is contained in:
parent
7388337485
commit
c50fd0b7fd
1 changed files with 46 additions and 0 deletions
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
layout: post
|
||||
title: "Improving Cybersecurity Impact Taxonomies"
|
||||
date: 2024-12-08 00:01:00
|
||||
categories: infosec
|
||||
---
|
||||
|
||||
# Improving Cybersecurity Taxonomies Describing Impact and Cyber Harms Against Organizations
|
||||
|
||||
If you work in the cybersecurity field, the term `impact` is ubiquitous, appearing frequently in information security regulations such as NIS2 (and previously NIS1). It plays a critical role in reporting obligations and the definition of a `significant cyber threat`.
|
||||
|
||||
The definition and classification of `impact` have been subjects of debate for some time. I recently incorporated a MISP taxonomy inspired by a [2018 publication](https://academic.oup.com/cybersecurity/article/4/1/tyy006/5133288?login=false) titled *"A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate."* This publication offers a detailed taxonomy of cyber-harms experienced by organizations, helping to better define and classify the impacts of cyber-attacks.
|
||||
|
||||
If you are incident responder or DFIR practioners, it's giving a good way to classify the impact of what you analyse or used as discussion source for the victims of the cyber attacks. Even within a SOC or CSIRT team, you can use consistent terminology to classify the actual impact.
|
||||
|
||||
The [organizational cyber harms taxonomy](https://www.misp-project.org/taxonomies.html#_organizational_cyber_harm) is divided into several clear categories (predicates):
|
||||
|
||||
- **physical-digital**
|
||||
- **economic**
|
||||
- **psychological**
|
||||
- **reputational**
|
||||
- **social-societal**
|
||||
|
||||
For example, the **economic** category provides a well-defined set of impacts that can be applied in various organizational contexts and cases, ranging from `disrupted-operations` and `reduced-profits` to `pr-response-costs`.
|
||||
|
||||
In 2015, when we began designing the MISP taxonomy format, we didn’t anticipate the widespread success of the [misp-taxonomies repository](https://github.com/misp/misp-taxonomies). Today, it is widely used across various open source (and proprietary) threat intelligence tools, analytical projects, and open data classification initiatives.
|
||||
|
||||
If you use and/or manage a [MISP](https://www.misp-project.org/) instance, the taxonomy integration is seamless. You can choose to use one or more taxonomies, select specific parts (e.g., a single tag from a larger taxonomy), enforce their usage, run analytics on specific tags, or even filter API responses based on selected tags from the taxonomies.
|
||||
|
||||
The [organizational cyber harms taxonomy](https://www.misp-project.org/taxonomies.html#_organizational_cyber_harm) provides a good basis for describing impact on specific events or incidents. This can be used in complement with
|
||||
|
||||
- [economical-impact](https://www.misp-project.org/taxonomies.html#_economical_impact) is a taxonomy designed to describe the financial impact, whether as a positive or negative outcome, on the tagged information (e.g., data exfiltration loss representing a negative impact for the victim but a positive gain for an adversary).
|
||||
- [nis2](https://www.misp-project.org/taxonomies.html#_nis2) is a taxonomy that includes impacted sectors, the severity of the impact (which is open to interpretation), and the impact outlook (e.g., whether it is increasing or decreasing over time).
|
||||
|
||||
An overview of the taxonomy as used in MISP:
|
||||
|
||||
![An overview of the taxonomy organizational cyber harms taxonomy in MISP, the open source threat intelligence sharing platform](/assets/taxo.png)
|
||||
|
||||
My hope is that more organizations will share details about the impacts of their own events, as well as insights from other incidents. I understand this can be challenging, as sharing TTPs of threat actors is currently more widely accepted than sharing details about impacts. However, I truly hope this trend will shift, enabling more robust analytics and a clearer understanding of the actual impact of incidents—whether it is accurately represented or inflated. The formalized [organizational cyber harms taxonomy](https://www.misp-project.org/taxonomies.html#_organizational_cyber_harm) provides a solid foundation for improving the description and analysis of impacts.
|
||||
|
||||
Don't hesitate to propose new taxonomies or suggest improvements via the [GitHub repository](https://github.com/misp/misp-taxonomies).
|
||||
|
||||
# References
|
||||
|
||||
- MISP Taxonomy: [organizational-cyber-harm](https://www.misp-project.org/taxonomies.html#_organizational_cyber_harm) - A taxonomy for classifying organizational cyber harms based on categories such as physical, economic, psychological, reputational, and social/societal impacts in [MISP standard](https://www.misp-standard.org/) format.
|
||||
- The [MISP Taxonomies collaborative GitHub repository](https://github.com/misp/misp-taxonomies) allows you to propose changes, updates, or corrections to the directory of taxonomies.
|
Loading…
Reference in a new issue