The IT Law Wiki

Incident Object Description Exchange Format


Definition

The Incident Object Description Exchange Format (IODEF) defines a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents.[1]
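RFC 5070 serialises IODEF as XML. The following Python sketch is an added example, not taken from the RFC or from this wiki: it reads one IODEF v1 report received from another team and extracts the incident identifier, report time, assessed impact and the systems involved. Element and attribute names follow the RFC 5070 schema; the sample document and its values are constructed, and refusing any DOCTYPE is this example's own assumed policy for untrusted input.

```python
import xml.etree.ElementTree as ET
NS = {"i": "urn:ietf:params:xml:ns:iodef-1.0"}  # IODEF v1 namespace (RFC 5070)

# Constructed sample, trimmed to the elements read below; all values made up.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<IODEF-Document version="1.00" lang="en"
                xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="reporting">
    <IncidentID name="csirt.example.com">189493</IncidentID>
    <ReportTime>2007-12-01T10:15:00+00:00</ReportTime>
    <Assessment><Impact completion="failed" type="admin"/></Assessment>
    <EventData><Flow>
      <System category="source"><Node>
        <Address category="ipv4-addr">192.0.2.200</Address>
      </Node></System>
      <System category="target"><Node>
        <Address category="ipv4-addr">198.51.100.17</Address>
      </Node></System>
    </Flow></EventData>
  </Incident>
</IODEF-Document>"""


def parse_iodef(data: bytes) -> list:
    """Summarise each Incident in an IODEF v1 document received as bytes."""
    # Assumed policy: a report from another domain is untrusted input and
    # needs no DTD, so refuse any DOCTYPE instead of expanding entities.
    text = data.decode("utf-8")  # non-UTF-8 input raises (a ValueError subclass)
    if "<!DOCTYPE" in text:
        raise ValueError("DTD declarations are not accepted")
    root = ET.fromstring(text)
    if root.tag != "{%s}IODEF-Document" % NS["i"]:
        raise ValueError("not an IODEF v1 document")
    out = []
    for inc in root.findall("i:Incident", NS):
        iid = inc.find("i:IncidentID", NS)
        if iid is None or not (iid.text or "").strip():
            raise ValueError("Incident without an IncidentID")
        impact = inc.find("i:Assessment/i:Impact", NS)
        out.append({
            "id": (iid.get("name"), iid.text.strip()),
            "purpose": inc.get("purpose"),
            "reported": inc.findtext("i:ReportTime", namespaces=NS),
            "impact": dict(impact.attrib) if impact is not None else {},
            "systems": [(s.get("category"), (a.text or "").strip())
                        for s in inc.iterfind(".//i:System", NS)
                        for a in s.iterfind("i:Node/i:Address", NS)],
        })
    return out
```
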

Overview

"It provides an XML representation for conveying incident information across administrative domains between parties that have an operational responsibility of remediation or a watch-and-warning over a defined constituency. The data model encodes information about hosts, networks, and the services running on these systems; attack methodology and associated forensic evidence; impact of the activity; and limited approaches for documenting workflow.

The overriding purpose of the IODEF is to enhance the operational capabilities of CSIRTs. Community adoption of the IODEF provides an improved ability to resolve incidents and convey situational awareness by simplifying collaboration and data sharing. This structured format provided by the IODEF allows for:

References

  1. RFC 5070: The Incident Object Description Exchange Format, at 1 (Dec. 2007).
  2. Id.
