Information structuring refers to "methods and standards that organize data into components and relationships."
|| A general example of structured information is a United States address. Its components are street number, street name, city, state, and zip code. States have fixed two‐digit code names and zip codes have a specified five‐ or nine‐digit format. An example of structured cyber security information is Common Platform Enumeration (CPE), a naming scheme for some elements of cyber systems. The top‐level components of a CPE are platform name, hardware parts, operating system parts, and application parts. Structured cyber security information is necessary to automate activities that identify and manage cyber devices and their components, describe and manage security configurations and vulnerabilities, identify and track attackers and attack tools (e.g., malicious code or botnets), detect and describe events and attacks, express and execute cyber security policies or courses of action, describe and provide notice of cyber posture, and so on.
- ↑ Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action, Glossary, at 28.
- ↑ Id.