The IT Law Wiki



Definitions

Security

An indicator is

"human-readable cyber data used to identify some form of malicious cyber activity and are data related to IP addresses, domains, email headers, files, and strings."[1]
[a]n artifact or observable that suggests that an adversary is preparing to attack, that an attack is currently underway, or that a compromise may have already occurred.[2]
a generalized, theoretical statement of a course of action or decision that is expected to be taken in preparation for an aggressive act and that can be used to guide intelligence collection resources. Commonly, indicators are developed from enemy doctrine, or from previous military operations or exercises, and an analyst's ability to apply logic and common sense.[3]

An indicator is "[a] sign that an incident may have occurred or may be currently occurring."[4]

Statistics

Indicators are

a scaffolding of statistics to which decision makers can relate other elements needed to make decisions. Indicators often are used to tell an end-to-end story on a policy-relevant topic.[5]

Overview (Security)

"Indicators may include, for example, file hashes, computer code, malicious URLs, source email addresses, and technical characteristics of malware (e.g., "a pdf file of a certain size attached")."[6]

"Indicators can be either unclassified or classified. Classification of identified indicators is dictated by its source."[7]

References

  1. Privacy Impact Assessment for EINSTEIN 3-Accelerated (E3A), at 3 n.5.
  2. NIST Special Publication 800-150, at 59.
  3. Intelligence Warning Terminology, at 22.
  4. NIST Special Publication 800-61 (rev. 2), Glossary, at C-1.
  5. Capturing Change in Science, Technology, and Innovation: Improving Indicators to Inform Policy, at xiii.
  6. Antitrust Policy Statement on Sharing of Cybersecurity Information, at 3 n.5.
  7. Id.
