Standards Process

OMG Threat/Risk Standards Initiative

The Object Management Group (OMG) has issued an RFP for an operational threat and risk model to facilitate information sharing, federation and analytics. The Threat and Risk community has bound together to create a specification that is being submitted to the OMG process for standardization. This community and "submission team" is open to qualified stakeholders to help us create this standard.

Below are links to some of of our artifacts in progress. Note that these represent an early draft and there is still ample opportunity to help shape the standards.

OASIS Cyber Threat Intelligence (CTI) Technical Committee

Traditional approaches for cyber security that focus inward on understanding and addressing vulnerabilities, weaknesses, and configurations are necessary but insufficient in today's dynamic cyber landscape. Effective defense against current and future threats also requires the addition of an outward focus on understanding the adversary's behavior, capability, and intent. Only through a balanced understanding of both the adversary and ourselves can we understand enough about the true nature of the threats we face to make intelligent defensive decisions. The development of this understanding is known as cyber threat intelligence (CTI).