To: Adam W. Montville
From: Waltermire, David A.
Subject: Re: [sacm] First Cut at Use Case Draft Abstract
Date: Thu, 29 Mar 2012 02:27:27 -0400

This makes sense to me.  I'll work on an update today to include these points.

From: Adam W. Montville []
Sent: Thursday, March 29, 2012 7:58 AM
To: Chernin, Michael A.
Cc: Waltermire, David A.;
Subject: Re: [sacm] First Cut at Use Case Draft Abstract


Dave, Kathleen and I had a similar discussion yesterday evening, and enabling data aggregation across tools was another point we considered.

At issue, I think, is appropriately scoping the abstract of the more complete document.  If we can include augmenting information sharing, data aggregation, and threat mitigation (as Tony points out and perhaps through system hardening/attack surface reduction), then we would have a more or less complete abstract, and could move into crafting the body of the informational document.




On Mar 28, 2012, at 8:48 PM, "Chernin, Michael A." <> wrote:



Very well written abstract. I was going to offer constructive criticism, but I was unable to find an easy way to slip these two topics into your abstract. I hope you don't mind that I lazily just throw the items out there. I feel it's important that we also mention something about information sharing and the separation of tools from content. We already have security tool sales people that pitch to us and say they support the type of functionality described within the abstract using proprietary methods. In most cases senior management doesn't care if this is performed via proprietary or standardized methods (they just want it to work). But, if we start talking about owning content, information sharing of content, separation of tools from content, I believe we start speaking the language used when building the business case within private sector consumer adoption. This would hopefully motivate more consumer activity within the IETF regarding this topic as well.






DTCC Non-Confidential (White)
Michael "Aharon" Chernin
Security Automation Program Manager
Technology Risk Management -Depository Trust & Clearing Corporation
O: 813-470-2173


From: [] On Behalf Of Waltermire, David A.
Sent: Wednesday, March 28, 2012 11:51 AM
Subject: [sacm] First Cut at Use Case Draft Abstract


A few of us met this morning to discuss how to move forward with writing the use case document.  We agreed to first develop an abstract, then an intro, then work on the rest of the document.  This way we can build consensus as we delve into deeper detail.


Based on this plan, below is a first cut at an abstract.  Comments, changes or alternatives would be appreciated.


This draft identifies fundamental use cases, derived functional capabilities and requirements, architectural components, and the supporting standards needed to define the interoperable, automation infrastructure required to support timely, accurate and actionable situational awareness over an organization's IT infrastructure.  Automation tools implementing a continuous monitoring approach will utilize this infrastructure to provide visibility into the state of assets, user activities and network behavior.  Stakeholders will be able to use these tools to understand the organization's security posture, quantify business risk, and make informed decisions that support organizational objectives while protecting critical information.  Other automation tools will be able to leverage information provided by this infrastructure to enforce policies based on human decisions.



