IODEF Design Principles

• Content-driven
  • Object oriented approach allows simple introduction of new objects to extend new content description
  • Possibility to apply different attributes to different elements
• Unambiguous representation
  • The same Incident descriptions created by different CSIRTs should be identified as one Incident
  • Principle of Incident Object ownership
  • Current reality checking by IODEF WG
• Support correlation of related incidents
  • Provide basis for necessary cooperation between CSIRTs
• XML implementation
• Seamless IDMEF integration

Previous slide

Next slide

Back to first slide

View graphic version