IODEF Design: Problems addressed

Problems addressed by IODEF:



• Incident data are inherently heterogeneous
  • May change during lifetime/investigation
• Incident information can originate from different sources
  • Incident Object may be created by CSIRT, reported by community or initially based on IDS Alert
• Incident description may contain sensitive information
  • Sensitive information should be protected
  • Evidence integrity (and sometimes confidentiality) should be protected
• CSIRT handling current Incident is the owner of this IO

Previous slide

Next slide

Back to first slide

View graphic version