[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
agenda item: minor charter revision for INCH
Not sure if this makes the deadline or not, but I'll try; if not, it's
for the next call...
------
The following are the charter changes to INCH necessary to support the
rid draft (draft-moriarty-ddos-rid-05.txt).
[Drop the second paragraph of the Background section that starts with
"There is a substantial amount of related work in the domain of TERENA
..."]
[Replace the introductory paragraph of the Scope section with the
following text]
The purpose of the Incident Handling (INCH) working group is to define a
data format for exchanging security incident information used by a CSIRT.
A CSIRT is defined broadly as an entity with a security role or
responsibility in a given organization. Often there is a communication
and collaborating component. Organizationally, a CSIRT might be a
dedicated team in a network operations group, or a single individual with
other responsibilities.
The primary use case for the INCH work is to standardize the the
communication between a CSIRT and:
- its constituency (e.g., users, customers) reporting misuse;
- parties involved in an incident (e.g., law enforcement, attacking
site); or
- peer CSIRTs sharing information.
In doing such sharing, especially when action is being requested, due
attention must be paid to authorization and privacy issues.
--Steve Bellovin, http://www.research.att.com/~smb